Bug#444002: dibbler: several security problems fixed in new upstream version

2007-09-26 Thread Tomasz Mrugalski
On Tue, 25 Sep 2007 somebody known as Thijs Kinkhorst wrote: A good step would be to mention in the bug log where people can get the updated packages, as soon as they are ready. It's then possible that an interested DD (could be someone from the secure testing team for example) sponsors the pack

Bug#444002: dibbler: several security problems fixed in new upstream version

2007-09-25 Thread Thijs Kinkhorst
On Tue, September 25, 2007 14:28, Tomasz Mrugalski wrote: > As I'm not a Debian developer, I always send my DEBs to a colleague, who > is a DD. He's rather busy, so it may take a week or so before he checks and > uploads the packages. Is there any other ("fast path") way to upload those > fixed pac

Bug#444002: dibbler: several security problems fixed in new upstream version

2007-09-25 Thread Tomasz Mrugalski
On Tue, 25 Sep 2007 somebody known as Steffen Joeris wrote: Package: dibbler Severity: grave Tags: security Justification: user security hole CVE-2007-5028: CVE-2007-5029: CVE-2007-5030: There might be some other fixes in the new 0.6.1 version, according to the upstream CHANGELOG. I am still

Bug#444002: dibbler: several security problems fixed in new upstream version

2007-09-25 Thread Steffen Joeris
Package: dibbler Severity: grave Tags: security Justification: user security hole Hi There are three CVEs issued for dibbler. CVE-2007-5028: Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors.