cyrus-sasl2 stable update for #465561
Roberto C. Sánchez
roberto at connexer.com
Tue Mar 3 01:15:14 UTC 2009
On Thu, Jan 29, 2009 at 09:21:48PM +0100, Nico Golde wrote:
> Hi,
> an insecure temporary file creation was reported to the cyrus-sasl2 package some time ago.
> This is Debian bug #465561.
>
> Unfortunately the vulnerability is not important enough to get it fixed via
> regular security update in Debian stable. It does not warrant a DSA.
>
> However it would be nice if this could get fixed via a regular point update[0].
> Please contact the release team for this.
>
I wonder if this is worth persuing. Lenny is now released and this bug
was fixed in version 2.1.22.dfsg1-18 (Lenny released with version
2.1.22.dfsg1-23). Will there be any more point releases of Etch?
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20090302/132821dd/attachment.pgp
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list