gilbert-guest at alioth.debian.org
2009-Mar-31 04:14 UTC
[Secure-testing-commits] r11501 - data/CVE
Author: gilbert-guest Date: 2009-03-31 04:14:07 +0000 (Tue, 31 Mar 2009) New Revision: 11501 Modified: data/CVE/list Log: add bug number and severity for openssl issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-31 00:06:51 UTC (rev 11500) +++ data/CVE/list 2009-03-31 04:14:07 UTC (rev 11501) @@ -1954,7 +1954,7 @@ - openssl <not-affected> (vulnerable versions not uploaded to Debian) CVE-2009-0590 RESERVED - - openssl <unfixed> + - openssl <unfixed> (medium; bug #522002) CVE-2009-0589 RESERVED CVE-2009-0588
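Review bot: the urgency on the added line "- openssl <unfixed> (medium; bug #522002)" under CVE-2009-0590 has no stated basis, since the log message only says "add bug number and severity for openssl issue". Confirm that medium matches the severity bug #522002 was filed with, and say in the log how the urgency was chosen, so the tracker entry and the bug report stay consistent.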
Hi,
* gilbert-guest at alioth.debian.org <gilbert-guest at alioth.debian.org> [2009-03-31 10:16]:
[...]
> CVE-2009-0590
> RESERVED
> - - openssl <unfixed>
> + - openssl <unfixed> (medium; bug #522002)

Given that you filed the bug as important I think medium
does a little sense here.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
On Tue, 31 Mar 2009 11:11:51 +0200, Nico Golde wrote:
> Hi,
> * gilbert-guest at alioth.debian.org <gilbert-guest at alioth.debian.org> [2009-03-31 10:16]:
> [...]
> > CVE-2009-0590
> > RESERVED
> > - - openssl <unfixed>
> > + - openssl <unfixed> (medium; bug #522002)
>
> Given that you filed the bug as important I think medium
> does a little sense here.

agreed. my mistake. thanks for fixing.
On Tue, 31 Mar 2009 10:22:18 -0400, Michael S. Gilbert wrote:
> On Tue, 31 Mar 2009 11:11:51 +0200, Nico Golde wrote:
>
> > Hi,
> > * gilbert-guest at alioth.debian.org <gilbert-guest at alioth.debian.org> [2009-03-31 10:16]:
> > [...]
> > > CVE-2009-0590
> > > RESERVED
> > > - - openssl <unfixed>
> > > + - openssl <unfixed> (medium; bug #522002)
> >
> > Given that you filed the bug as important I think medium
> > does a little sense here.
>
> agreed. my mistake. thanks for fixing.

here was my original logic: i thought a higher urgency would make sense since ubuntu's fix is already out there, and hence it should be easier/quicker to get a debian fix out too. and as well, it is important to maintain security parity with other distributions (it looks bad that debian often takes longer to put out fixes than other distros). i understand that everyone is working hard, and i don't want to disparage that, but i think we can (and should aim to) do better.