[Pkg-erlang-devel] Bug#628456: Bug#628456: CVE-2011-0766: cryptographic weakness

Luk Claes luk at debian.org
Thu Dec 29 12:05:55 UTC 2011


On 12/29/2011 12:38 PM, Sergei Golovan wrote:
> Hi!
> 
> On Thu, Dec 29, 2011 at 12:48 PM, Luk Claes <luk at debian.org> wrote:
>> Hi
>>
>> It looks like this bug still needs fixing in squeeze. I'm not sure what
>> impact the VSN changes have in the upstream patch [1]. Can you have a
>> look and maybe prepare and test a fixed package?
> 
> I'm working on it. Will upload the fix into squeeze-proposed-updates in a few
> days. Should I in advance send the patch to the debian-release mailing list?

Are you sure the Security Team thinks it does not warrant a DSA? I would
send the patch to the Security Team to see if they want to issue a DSA
or rather have it go via proposed-updates (in which case the patch
should be sent to the Release Team).

Cheers

Luk





More information about the Pkg-erlang-devel mailing list