Bug#319849: Security fix in just released 1.3.0rc2?
OoO On this sunny morning of Thursday 18 August 2005, around 09:18, Francesco Paolo Lovergine [EMAIL PROTECTED] said:

> > Shouldn't this bug be tagged security? Moreover, since it is marked
> > as closed in the BTS, will it be tracked correctly in the future?

> Versioning now being enabled in the BTS, yes.

Do you mind if I add the tag security on it?
-- 
Localise input and output in subroutines.
 - The Elements of Programming Style (Kernighan & Plauger)
Bug#319849: Security fix in just released 1.3.0rc2?
tags 319849 + security
found 319849 1.2.10-15
thanks

done

On Sat, Aug 20, 2005 at 09:35:39AM +0200, Vincent Bernat wrote:
> OoO On this sunny morning of Thursday 18 August 2005, around 09:18, Francesco Paolo Lovergine [EMAIL PROTECTED] said:
>
> > > Shouldn't this bug be tagged security? Moreover, since it is marked
> > > as closed in the BTS, will it be tracked correctly in the future?
>
> > Versioning now being enabled in the BTS, yes.
>
> Do you mind if I add the tag security on it?
> -- 
> Localise input and output in subroutines.
>  - The Elements of Programming Style (Kernighan & Plauger)

-- 
Francesco P. Lovergine
Bug#319849: Security fix in just released 1.3.0rc2?
OoO On this rainy morning of Monday 25 July 2005, around 10:42, Francesco P. Lovergine [EMAIL PROTECTED] said:

> I pointed both bugs at the very start of July (or end of June?) to both
> stable and testing secteams and sent at least 3 mails about the topic
> with patches and analysis for sarge, sid and woody. When secteam judges
> it useful, they'll do that. Last time, I did wait months for that, for
> the yardradius package. If you know something useful to accelerate the
> process, I'd like to know...

Shouldn't this bug be tagged security? Moreover, since it is marked as closed in the BTS, will it be tracked correctly in the future?
-- 
Format a program to help the reader understand it.
 - The Elements of Programming Style (Kernighan & Plauger)
Bug#319849: Security fix in just released 1.3.0rc2?
On Thu, Aug 18, 2005 at 08:57:27AM +0200, Vincent Bernat wrote:
> OoO On this rainy morning of Monday 25 July 2005, around 10:42, Francesco P. Lovergine [EMAIL PROTECTED] said:
>
> > I pointed both bugs at the very start of July (or end of June?) to both
> > stable and testing secteams and sent at least 3 mails about the topic
> > with patches and analysis for sarge, sid and woody. When secteam judges
> > it useful, they'll do that. Last time, I did wait months for that, for
> > the yardradius package. If you know something useful to accelerate the
> > process, I'd like to know...
>
> Shouldn't this bug be tagged security? Moreover, since it is marked as
> closed in the BTS, will it be tracked correctly in the future?

Versioning now being enabled in the BTS, yes.

-- 
Francesco P. Lovergine
Bug#319849: Security fix in just released 1.3.0rc2?
Package: proftpd
Severity: grave
Justification: security
thanks

Hello

Sounds like a security flaw. Please check the Debian versions.

On Sun, Jul 24, 2005 at 09:46:28PM -0700, TJ Saunders wrote:
> Hello, ProFTPD community.
>
> The ProFTPD Project team is pleased to announce that the second release
> candidate for ProFTPD 1.3.0 is now available for public consumption.
> ...
> The 1.3.0rc2 release includes several bugfixes, including:
>   + Fixed two format string vulnerabilities

bye,

-christian-
Bug#319849: Security fix in just released 1.3.0rc2?
tag 319849 + sarge
severity serious
thanks

On Mon, Jul 25, 2005 at 09:41:24AM +0200, Christian Hammers wrote:
> Package: proftpd
> Severity: grave
> Justification: security
> thanks

That's quite annoying. They have been fixed for ages in sid and my own packages for sarge at

deb http://people.debian.org/~frankie/debian/sarge/ ./

which I strongly suggest to anyone having DoS problems due to a subtle bug open since release time (and fixed very recently by upstream). The sarge package is simply broken and should not be used (even with the two SQL flaws fixed) with mod_delay on. But mod_delay shouldn't stay off.

I pointed both bugs at the very start of July (or end of June?) to both stable and testing secteams and sent at least 3 mails about the topic with patches and analysis for sarge, sid and woody. When secteam judges it useful, they'll do that. Last time, I did wait months for that, for the yardradius package. If you know something useful to accelerate the process, I'd like to know...

-- 
Francesco P. Lovergine
Bug#319849: Security fix in just released 1.3.0rc2?
On Mon, Jul 25, 2005 at 10:42:15AM +0200, Francesco P. Lovergine wrote:
> tag 319849 + sarge
> severity serious
> thanks

Please use the found and close commands as documented in Colin Watson's recent mail to debian-devel-announce, instead of the sarge/etch/sid tags, since the latter will be deprecated eventually.

Thanks,
-- 
Steve Langasek
postmodern programmer