On Tue, Jun 07, 2005 at 12:25:51PM +1000, Anibal Monsalve Salazar wrote:
>On Tue, Jun 07, 2005 at 12:14:19PM +1000, Anibal Monsalve Salazar wrote:
>>On Mon, Jun 06, 2005 at 09:31:05PM -0400, George Georgalis wrote:
>>>
>>>This was the changelog.Debian.gz entry for the last bzip2 update:
>>>
>>>bzip2 (1.0.2-1.woody2) stable-security; urgency=high
>>>
>>> * Non-maintainer upload by the Security Team
>>> * No changes rebuild because maintainer prevented distribution of
>>> security fix, thanks a lot!
>>>
>>>The only useful information I see there is "urgency=high" -- but no
>>>clear explanation. Was this just an incomplete log? The maintainer did
>>>not respond to my inquiry. Is there a CAN? Is there a better file to
>>>extract specific info from?
>>>
>>>I can read; but the second point is ambiguous, the first point doesn't
>>>help, nor does the urgency level. So what exactly happened?
>>
>>I uploaded bzip2 1.0.2-1.1 to stable which clashed with Martin
>>Schulze's plan.
>>
>>1.0.2-1.woody2 is the same as 1.0.2-1.1.
>>
>> bzip2 (1.0.2-1.1) stable; urgency=medium
>> .
>> * Fixed RC bug "file permissions modification race (CAN-2005-0953)",
>> closes:
>> #303300. Patch by Santiago Ruano Rincon <[EMAIL PROTECTED]>.
>> Original patch available at
>> http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2
>>
>>I submitted 1.0.2-1.woody3 and Martin included it in the last release
>>of woody.
>
>Apparently, he didn't include it in the last release of woody.
>
>> bzip2 (1.0.2-1.woody3) stable-security; urgency=high
>> .
>> * Fixed "CAN-2005-1260 decompression bomb vulnerability", closes: #310803.
>> Patch by Martin Pitt <[EMAIL PROTECTED]>.
>
Okay, so "Woody" is still exposed to CAN-2005-0953 and CAN-2005-1260,
I've not tried a dist-upgrade yet...

// George

--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]

