Hi Thijs, from the announcement mail:
> Migrated from unstable: > ======================= > r-base 2.7.1-1+lenny1: > DTSA-162-1 : r-base - symlink attack > CVE-2008-3931: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3931 > http://bugs.debian.org/496418 Something is strange here (and I want to improve the announcement script). AFAICS you did a t-p-u upload for r-base. Was this the same package as the one from the DTSA? Strangely, there is no r-base package for lenny on klecker anymore. Was it removed manually? Or do the packages get removed from klecker automatically when they are accepted in t-p-u? Cheers, Stefan PS: The DTSA is here: http://lists.alioth.debian.org/pipermail/secure-testing-commits/2008-August/010110.html
This automatic mail gives an overview over security issues that were recently fixed in Debian Testing. The majority of fixed packages migrate to testing from unstable. If this would take too long, fixed packages are uploaded to the testing-security repository instead. It can also happen that vulnerable packages are removed from Debian testing. Migrated from unstable: ======================= jhead 2.84-2: CVE-2008-4641: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641 http://bugs.debian.org/503645 kvirc 2:3.4.0-3: CVE-2008-4748: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4748 http://bugs.debian.org/503401 phpmyadmin 4:2.11.8.1-4: CVE-2008-4775: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4775 r-base 2.7.1-1+lenny1: DTSA-162-1 : r-base - symlink attack CVE-2008-3931: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3931 http://bugs.debian.org/496418 How to update: -------------- Make sure the line deb http://security.debian.org lenny/updates main contrib non-free is present in your /etc/apt/sources.list. Of course, you also need the line pointing to your normal lenny mirror. You can use aptitude update && aptitude dist-upgrade to install the updates. More information: ----------------- More information about which security issues affect Debian can be found in the security tracker: http://security-tracker.debian.net/tracker/ A list of all known unfixed security issues is at http://security-tracker.debian.net/tracker/status/release/testing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
