>On Wed, Aug 11, 2004 at 10:42:03PM -0300, Joey Hess wrote: >> We have now finished checking all the DSAs since woody's release, except >> for a few that we didn't reach any conclusions on. That the following >> DSAs seem to still be unfixed in sarge: > >> php4 4:4.3.8-1 needed, have 4:4.3.4-4 for DSA-531 >> netkit-telnet-ssl 0.17.24+0.1-2 needed, have 0.17.24+0.1-1 for DSA-529 >> pavuk (unfixed; bug #264684) for DSA-527 >> rlpr (unfixed; bug #255402) for DSA-524 >> lha 1.14i-8 needed, have 1.14i-2 for DSA-515 >> log2mail (unfixed; bug #264687) for DSA-513 >> mysql-dfsg 4.0.18-6 needed, have 4.0.18-5 for DSA-483 >> hsftp 1.15-1 needed, have 1.12-1 for DSA-447 >> trr19 (unfixed; bug #264702) for DSA-430 >> slocate (unfixed; bug #226103) for DSA-428 >> tomcat4 4.1.24-2 needed, have 4.0.4-4 for DSA-395 >> gtksee 0.5.6-1 needed, have 0.5.2-0.1 for DSA-337 >> tomcat4 4.1.16-1 needed, have 4.0.4-4 for DSA-225 > >Hmm, do I understand right that the above is really the complete list of >security fixes pending for sarge?
FYI, at least apache2 still has a pending security issue (#256963 should be reopened and tagged sarge, [CAN-2004-0493] and [CAN-2004-0488]) Fixed in 2.0.50-1, propagation to testing awaiting builds of 2.0.50-8 for s390 and m68k. Maybe there are some other packages left - especially those not in woody. - Christian
