[Secure-testing-team] [Secure-testing-commits] r12553 - data/CVE
Nico Golde
debian-secure-testing+ml at ngolde.de
Mon Aug 10 19:35:17 UTC 2009
Hi,
* Michael S. Gilbert <michael.s.gilbert at gmail.com> [2009-08-10 21:14]:
> On Mon, 10 Aug 2009 18:58:17 +0000, Nico Golde wrote:
[...]
> > CVE-2009-2414 [libxml2 stack recursion]
> > RESERVED
> > - libxml2 <unfixed> (medium; bug #540865)
> > - [etch] - libxml <unfixed>
> > + [lenny] - libxml <removed>
>
> i still don't think this is what you're trying to get at. you want to
> mark it is removed from unstable, which will automatically also mark
> it removed from lenny.
No, why should it remove it as removed from lenny as well in
this case?
> then you want to do something special for etch, and i think your intent
> is a no-dsa?
Not sure yet.
> or if you don't want to do that, you can not add an etch
> entry, and it will be tracked as affected.
So my current intention is to mark lenny as not containing
libxml and since thsi will be tracked upwards unless marked
as unfixed in unstable this should mark unstable as not
containing libxml as well but etch as unfixed.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090810/ca370ce7/attachment.pgp>
More information about the Secure-testing-team
mailing list