On Sun, Aug 28, 2005 at 07:50:57PM -0400, Michael Stone wrote: > On Thu, Aug 25, 2005 at 03:02:58AM -0500, Branden Robinson wrote: > >We should likely either: > >1) Patch the copy of cvsbug to fix the vulnerability; or > >2) Stop shipping cvsbug altogether. > > I'm inclined to support the latter in future releases; I'm not sure that > this warrents a DSA.
Okay. My concern is simply that we either fix or stop shipping the vulnerable code. You'd know better than I whether this "rises to the level" of an advisory. -- G. Branden Robinson | I suspect Linus wrote that in a Debian GNU/Linux | complicated way only to be able to [EMAIL PROTECTED] | have that comment in there. http://people.debian.org/~branden/ | -- Lars Wirzenius
signature.asc
Description: Digital signature
