[Secure-testing-team] page with unfixed holes
Joey Hess
joeyh at debian.org
Tue Jan 18 23:05:16 UTC 2005
Paul Dwerryhouse wrote:
> I've fixed bug #279973 (CAN-2003-0875) for the openslp source package,
> by replacing the etc/slpd.all_init file with one from version 1.2.0 (it
> isn't used in Debian anyway, though).
>
> The new package is here:
>
> http://leapster.org/linux/debian/tmp/
>
> I'm not a DD, so I can't upload it anywhere. Is someone able to do this?
I think the best way for this bug to be fixed is for the developer or a
NMU to update it to the new upstream version. The security hole only
affects the source package so is not very urgent for us, and just patching
it in the diff isn't a complete fix since the tarball would continue to
have the bad file.
--
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050118/849cc54a/attachment.pgp
More information about the Secure-testing-team
mailing list