On Tue, Nov 01, 2011 at 09:03:57PM +0100, Moritz Muehlenhoff wrote:
> Package: obby
> Severity: important
> Tags: security
>
> Hi,
> two CVE IDs have been assigned to two minor vulnerabilities in libobby:
>
> http://seclists.org/oss-sec/2011/q4/194 (plus followups from
> upstream)
>
> IMO this doesn't warrant a DSA.

CVE-2011-4091 and CVE-2011-4093 can be fixed with an updated net6.
CVE-2011-4092 is a design issue in obby that won't be fixed upstream unless
somebody else steps up to implement/fix it. (libinfinity fixes this issue and
is not affected by the other two issues.)

I think fixing -4093 (and possibly -4091) in a stable update makes sense but I
don't see a DSA for any of them.

Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                  Stable Release Manager
`. `'   xmpp:p...@0x539.de                  Wanna-Build Admin
  `-    finger pkern/k...@db.debian.org