[Pkg-shadow-devel] Bug#379174: Shadow security update for
CVE-2006-3378
Steve Kemp
skx at debian.org
Sun Jul 23 16:24:06 UTC 2006
On Sun, Jul 23, 2006 at 06:16:00PM +0200, Christian Perrier wrote:
> Hello dear Security team (and ftpmasters, and shadow package maintainers),
>
> Being back from 2 days holiday I discover CVE-2006-3378 which has just
> been revealed to our attention (#359174 in the BTS).
I guess you mean #379174 here?
> What I propose to you, as soon as we have a fix for CVE-2006-3378:
>
>
> -urgently destroy 4.0.3-31sarge6 and 31sarge7 from the
> proposed-updates queue. Need ftpmasters collaboration with high urgency
> -the security team, or the shadow package team, prepares
> 4.0.3-31sarge6 with the fix for CVE-2006-3378 *ALONE*
> -the shadow package team prepares 4.0.3-31sarge7 with BOTH updates and
> sends it to the proposed-updates queue so that it can be picked by the
> SRM team when they're ready to update sarge
>
Sounds fine from the security point of view. Once a patch is
available at least.
Steve
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20060723/85dda89e/attachment-0003.pgp
More information about the Pkg-shadow-devel
mailing list