* Andreas Barth ([EMAIL PROTECTED]) [050505 10:25]:
> * Frederic Peters ([EMAIL PROTECTED]) [050505 09:10]:
> > Hello,
> >
> > The ethereal project released 0.10.11 today which fixes even more
> > security issues than the usual release, they are detailed in
> >   http://www.ethereal.com/appnotes/enpa-sa-00019.html
> > and summarized in the Debian changelog entry:
> >
> > ethereal (0.10.11-1) unstable; urgency=high
> >
> >   * New upstream release; urgency high since it fixes security issues in the
> >     following dissectors:
> >     * format string vulnerabilities: ANSI A, DHCP
> >     * segmentation faults: GSM MAP, AIM, TZSP, Bittorrent, SMB, GSM, SMB
> >       NETLOGON
> >     * buffer overflows: DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS,
> >       OCSP, PKIX1Explicit, PKIX Qualified, X.509, NCP, ISUP, TCAP,
> >       Presentation
> >     * null pointer exception: KINK, WSP, SMB Mailslot, H.245, MGCP, RPC
> >     * infinite loops: LMP, EIGRP, MEGACO, L2TP
> >     * uncaught assertions: Telnet, 802.3, BER, IAX2, RADIUS, SMB PIPE,
> >       MRDISC
> >     * memory exhaustion: DICOM
> >     * unclassified: Fibre Channel, LDAP, NTLMSSP
> >
> >  -- Frederic Peters <[EMAIL PROTECTED]>  Thu, 5 May 2005 08:43:00 +0200
> >
> >
> > Can I upload this to testing-proposed-updates ? And is the correct
> > way simply to change the changelog first line to:
> >   ethereal (0.10.11-1) testing-proposed-updated unstable; urgency=high
> > ?
>
> Well, if it is a security-only release, just upload to unstable, and
> I'll push it through. If there are changes not appropriate for sarge,
> then please either just upload the appropriate changes (that's our
> preferred policy), or upload 0.10.10-2sarge1 to t-p-u (and just write
> "testing" or "testing-proposed-updates" instead of unstable there).

Three further remarks:
- of course, a push-through from unstable can contain also non-security
  important and RC bug fixes, as well as documentation and l10n updates
  (see Steve's mail to d-d-a for reference)
- Also, there is the possibility of a security upload of the security
  team. Please see the developers-reference for details how to do that.
- If there are CAN-numbers etc assigned, please mention them in the
  changelog. If there are none, please coordinate with the security-team
  whether we need some.


Cheers,
Andi
--
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C

