On Wed, Sep 06, 2006 at 12:03:34PM +0200, Lionel Elie Mamane wrote:
> There seems to have been a screw-up in handling of mailman security
> and stable updates: There are two different mailman packages in Debian
> with version number 2.1.5-8sarge3.
>
> -8sarge3 maintainer update (that got frozen waiting for -8sarge2 to
> happen in order not to conflict with it) to fix bug #358575, a
> severity critical bug.
>
> -8sarge3 security update to fix:
>   format string vulnerability [src/common.c,
>   debian/patches/72_CVE-2006-2191.dpatch]
>
> The situation right now:
>  - sarge r3 contains mailman 2.1.5-8sarge3, but some architectures
>    have the security update (such as i386) and others have the
>    maintainer update (such as source, sparc and alpha).
>    Thus all architectures are screwed up in one way or the other.
>    Stable release team, please react accordingly; you may for example
>    do a binary sourceless NMU for the architectures that have -8sarge3
>    the security update so that they all have -8sarge3 the maintainer
>    update.

I have now heard about what the security problem addressed in -8sarge3
the security update is. It is believed not to be exploitable. I thus
now officially request a binary NMU to replace -8sarge3 the security
update by -8sarge3 the maintainer update on the arches that have
-8sarge3 the security update.

--
Lionel