On Wed, Jan 05, 2005 at 05:42:39AM -0500, Joey Hess wrote:
> I've put together a web page with info on holes that aren't fixed in
> sarge yet.

[snip]

I've fixed bug #279973 (CAN-2003-0875) for the openslp source package,
by replacing the etc/slpd.all_init file with one from version 1.2.0 (it
isn't used in Debian anyway, though).

The new package is here:

http://leapster.org/linux/debian/tmp/

I'm not a DD, so I can't upload it anywhere. Is someone able to do this?

Cheers,

Paul.

-- 
Paul Dwerryhouse                    | PGP Key ID:
(not in) Melbourne, Australia       | 0x6B91B584

Paul Dwerryhouse wrote:
> I've fixed bug #279973 (CAN-2003-0875) for the openslp source package,
> by replacing the etc/slpd.all_init file with one from version 1.2.0 (it
> isn't used in Debian anyway, though).
>
> The new package is here:
>
> http://leapster.org/linux/debian/tmp/
>
> I'm not a DD, so I can't upload it anywhere. Is someone able to do this?

I think the best way for this bug to be fixed is for the developer or a
NMU to update it to the new upstream version. The security hole only
affects the source package so is not very urgent for us, and just patching
it in the diff isn't a complete fix since the tarball would continue to
have the bad file.

-- 
see shy jo

On Tue, Jan 18, 2005 at 06:05:16PM -0500, Joey Hess wrote:
> I think the best way for this bug to be fixed is for the developer or a
> NMU to update it to the new upstream version. The security hole only
> affects the source package so is not very urgent for us, and just patching
> it in the diff isn't a complete fix since the tarball would continue to
> have the bad file.

Good point. Don't quite know what I was thinking when I did that ;)

I've mailed the maintainer, to find out if he's looking at the issue.

In the meantime, I've Debianised openslp 1.2.0, just in case:

http://leapster.org/linux/debian/tmp/

Cheers,

Paul.

-- 
Paul Dwerryhouse                    | PGP Key ID:
(not in) Melbourne, Australia       | 0x6B91B584

I've put together a web page with info on holes that aren't fixed in
sarge yet. It's updated hourly from the info in svn:

http://merkel.debian.org/~joeyh/testing-security.html

There's a BSP next weekend, I wonder if we should take the opportunity to
get together and work on fixes for the ones that still have open bugs?

-- 
see shy jo