Hi, Am Freitag 12 Januar 2007 06:57 schrieb Kees Cook: > > One thing I'd like to figure out is some way to publicize universe > security updates more widely. One place that collects the "recent > package updates" is the Ubuntu Weekly Newsletter. There's a Security > Updates section which catches USNs (for main), and an Updates section > which catches notifications sent to the $RELEASE-changes mailing list, > but since security uploads are done kind of side-ways, they seem to > bypass the -changes mailing lists (and as a result, the Newsletter).
hm... I could collect the info from the bug-mails to which motu-swat is subscribed and do a small summary each two weeks or so, which UWN could then pick up. However for this to work it's very helpful if you follow some simple rules for bugs: * a fix has been released (either via USN, or normal upload/sync if it's a feisty one): Mark the bug for the distribution as Fix released *and* leave a comment that it's fixed and in which distribution (or even better: the changes mail/file, see e.g. acroread bug). (I cannot track otherwise if the fix has been released a long time ago already) * an older version ubuntu version is not vulnerable, but has been targeted: Reject this instance of the bug. (e.g. gallery2). Here the most recent fixes: dokuwiki (dapper): CVE 2006-2878, CVE 2006-2945, CVE 2006-5098, CVE 2006-5099 https://launchpad.net/bugs/45887 acroread (feisty): CVE 2007-0045, CVE 2007-0046 https://launchpad.net/bugs/78339 gallery2 (dapper): CVE 2006-1219 https://launchpad.net/ubuntu/+source/gallery2/+bug/35528 clamav (dapper, edgy): CVE 2006-6406 https://launchpad.net/ubuntu/+source/clamav/+bug/76374 vnc4 (dapper, edgy): CVE 2006-2369 https://launchpad.net/ubuntu/+source/vnc4/+bug/77383 Note: regression in edgy? > > Thanks motu-swat! :) Thanks for your support ;). Cheers, Stefan.
pgpqgu7u9duoo.pgp
Description: PGP signature
-- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
