[Pkg-openldap-devel] planning another jessie upload
Luciano Bello
luciano at debian.org
Thu Feb 5 23:32:53 UTC 2015
On Wednesday 04 February 2015 20.00.41 Luca BRUNO wrote:
> Should the two bugs above get a CVE assigned?
Debian usually assign CVE from its pool when the issues is not public yet. In
this cases, I think the best is to request the corresponding ids in
http://oss-security.openwall.org/wiki/mailing-lists/oss-security
> #776991 is a regression in 2.4.40, while #776988 affects all releases
> but is not enabled by default. Both are remote crashers.
> We plan to fix both in jessie and bpo, and the older one in wheezy.
Given the low severity of the bugs, they can be fixed via s-p-u.
Thanks for your work on this, luciano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20150206/f0ffe8d6/attachment.sig>
More information about the Pkg-openldap-devel
mailing list