Jacob Nevins wrote:
> [I'm not a Debian developer, but part of upstream for PuTTY. Apologies
> if this is none of my business, or I should have left it to Colin.]
>
> I note that putty, which has a security bug (#296144) fixed in unstable
> but not yet testing, is not currently on the list at
> <http://merkel.debian.org/~joeyh/testing-security.html> which was
> advertised on debian-devel* recently (nor the one on newraff.debian.org).
> The bug was filed, and the upload made, three days ago.
>
> I'm not sure how things get on your list; I'm mailing you in case it
> should already be on the list. (I have an ulterior motive, of course, to
> try to ensure the 0.57 security fix gets into sarge -- especially since
> it currently appears to be held up by xfree86-fubar'd buildd's.)
>
> FWIW, I added a CVE ID to the bug report, but only after it was closed
> (I didn't know it before that!)
>
> Again, sorry if this is unnecessary interference.

Thanks for the info. Nobody on the team had processed CAN-2004-1440 yet. I've added the info about the fix to our database.

--
see shy jo
Jacob Nevins
2006-Mar-13 12:28 UTC
[Secure-testing-team] "testing security issues" - PuTTY
[I'm not a Debian developer, but part of upstream for PuTTY. Apologies if this is none of my business, or I should have left it to Colin.]

I note that putty, which has a security bug (#296144) fixed in unstable but not yet testing, is not currently on the list at <http://merkel.debian.org/~joeyh/testing-security.html> which was advertised on debian-devel* recently (nor the one on newraff.debian.org). The bug was filed, and the upload made, three days ago.

I'm not sure how things get on your list; I'm mailing you in case it should already be on the list. (I have an ulterior motive, of course, to try to ensure the 0.57 security fix gets into sarge -- especially since it currently appears to be held up by xfree86-fubar'd buildd's.)

FWIW, I added a CVE ID to the bug report, but only after it was closed (I didn't know it before that!)

Again, sorry if this is unnecessary interference.