On Fri, Jan 30, 2015 at 11:17:49AM +0100, Axel Beckert wrote: > Hi Moritz, > > Moritz Mühlenhoff wrote: > > On Tue, Jan 27, 2015 at 12:34:09PM +0100, Axel Beckert wrote: > > > Moritz Mühlenhoff wrote: > > > > I think it's sufficient if we fix this in a point update, can you take > > > > care of that? > > > > > > Do you think of Jessie or Wheezy? As far as I can see, Wheezy is > > > not affected: > > > https://sources.debian.net/src/xymon/4.3.0%7Ebeta2.dfsg-9.1/web/bb-ack.c/#L248 > > > > I hadn't checked the status in jessie yet, but I just did and you're > > right: Wheezy/Squeeze is not affected. > > Could you please update > https://security-tracker.debian.org/tracker/source-package/xymon with > regards to that fact? TIA!
Just updated. > I haven't seen such a request on > http://www.openwall.com/lists/oss-security/2015/01/ yet. (I know you > were busy with DSAs in the past few days, OpenJDK is a serious timesink :-) > but I thought, I'd just sent > a gentle ping. I don't want to request one myself without OK from you > as a similar situation resulted in two CVE ids for the same issue the > last time I tried to request one myself. :-) I just requested it, you're in CC. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
