Thijs Kinkhorst wrote:
> > mantis
> > CVE-2005-3337 CVE-2006-0664 CVE-2006-0665
> > CVE-2006-0840 CVE-2006-0841 CVE-2006-1577
> 
> I've supplied updated packages for sid and sarge, addressing all
> relevant issues. A short breakdown:

Thank you very much!
 
> CVE-2006-0840 - This was already addressed in sarge and sid;

I see, this seems fixed en passant in DSA-944.

> CVE-2006-1577 - Fixed with upstream patch in sarge and sid;
> CVE-2006-0841 - Fixed with selected patches from upstream, some parts
> were already present.
> CVE-2006-0664 - Fixed in sarge, sid was already fixed.
> CVE-2006-0665 - Fixed in sarge, sid was already fixed.

Could you place patches or a preliminary package available for download
somewhere?

> CVE-2005-3337 - This is a mystery; the description is vague and the
> upstream CVS repository doesn't seem to provide a distinct fix. I
> believe this might actually be a duplicate of another already fixed
> issue, CVE-2005-2557. We really need more positive proof that there's
> actually something vulnerable here if you ask me.

I forwarded this to MITRE for clarification, let's see what Steven has
in his notes.
 
> By the way, the package in sid is not in a very good shape and the
> maintainer seems to be MIA...

If this shouldn't change over the next one or two months it should rather
be removed for Etch. It's notoriously prone to security issues and sid is
way behind current upstream.

Cheers,
        Moritz

