vdr stable update for #496421
Nico Golde
debian-release+ml at ngolde.de
Thu Oct 2 12:37:23 UTC 2008
Hi Thomas,
* Thomas Schmidt <tschmidt at debian.org> [2008-10-02 14:23]:
> Am Donnerstag, den 02.10.2008, 13:45 +0200 schrieb Nico Golde:
> > an insecure temporary file creation was reported to the vdr some time ago.
> > This is Debian bug #496421.
> >
> > Unfortunately the vulnerability is not important enough to get it fixed via
> > regular security update in Debian stable. It does not warrant a DSA.
> >
> > However it would be nice if this could get fixed via a regular point update[0].
> > Please contact the release team for this.
>
> Thank you for your efforts, but in this case an update for stable is not
> necessary, because the buggy code hat not been part of any stable release,
> it was introduced in version 1.6.0-1, while current stable only has version
> 1.4.4-1.
Thank you, this was not known to us so far. I added this to
the security tracker.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-vdr-dvb-devel/attachments/20081002/de7db0e5/attachment.pgp
More information about the pkg-vdr-dvb-devel
mailing list