[Secure-testing-commits] r11501 - data/CVE
Michael S. Gilbert
michael.s.gilbert at gmail.com
Tue Mar 31 14:32:36 UTC 2009
On Tue, 31 Mar 2009 10:22:18 -0400, Michael S. Gilbert wrote:
> On Tue, 31 Mar 2009 11:11:51 +0200, Nico Golde wrote:
>
> > Hi,
> > * gilbert-guest at alioth.debian.org <gilbert-guest at alioth.debian.org> [2009-03-31 10:16]:
> > [...]
> > > CVE-2009-0590
> > > RESERVED
> > > - - openssl <unfixed>
> > > + - openssl <unfixed> (medium; bug #522002)
> >
> > Given that you filed the bug as important I think medium
> > does a little sense here.
>
> agreed. my mistake. thanks for fixing.
here was my original logic:
i thought a higher urgency would make sense since ubuntu's fix is
already out there, and hence it should be easier/quicker to get a
debian fix out too.
and as well, it is important to maintain security parity with other
distributions (it looks bad that debian often takes longer to put out
fixes than other distros). i understand that everyone is working hard,
and i don't want to disparage that, but i think we can (and should
aim to) do better.
More information about the Secure-testing-commits
mailing list