Hi Moritz,

Moritz Mühlenhoff wrote:
> On Tue, Jan 27, 2015 at 12:34:09PM +0100, Axel Beckert wrote:
> > Moritz Mühlenhoff wrote:
> > > I think it's sufficient if we fix this in a point update, can you take
> > > care of that?
> >
> > Do you think of Jessie or Wheezy? As far as I can see, Wheezy is
> > not affected:
> > https://sources.debian.net/src/xymon/4.3.0%7Ebeta2.dfsg-9.1/web/bb-ack.c/#L248
>
> I hadn't checked the status in jessie yet, but I just did and you're
> right: Wheezy/Squeeze is not affected.

Could you please update
https://security-tracker.debian.org/tracker/source-package/xymon
with regards to that fact? TIA!

> For jessie we can follow the usual upload/unblock procedure.

Has gotten its unblock pre-approval and has been uploaded to Unstable
just now. Will be available on the mirrors with the next push.

> Ok, I'll request a CVE on oss-security.

I haven't seen such a request on
http://www.openwall.com/lists/oss-security/2015/01/ yet. (I know you
were busy with DSAs in the past few days, but I thought, I'd just send
a gentle ping. I don't want to request one myself without OK from you
as a similar situation resulted in two CVE ids for the same issue the
last time I tried to request one myself. :-)

As soon as we have a CVE-ID I will add it retroactively to the changelog
entry of the just uploaded package, so that it will show up as fixed
in that package release, starting with the next upload.

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE