Hi Joey, Am Donnerstag, 27. Januar 2005 07:34 schrieb Martin Schulze: > Package: openswan > Severity: grave > Tags: security sarge sid patch > > Please see the advisory and patch here: > > http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities >&flashstatus=false > > Even though iDEFENSE wrote: > > iDEFENSE has confirmed that Openswan 2.2.0 is vulnerable. All previous > versions of Openswan also contain the vulnerable code. > > it seems that 2.3.0 in sid is vulnerable as well. Many thanks for informing me about this - I have somehow missed the announcement (it does not seem to have been communicated over the openswan announce mailing list either). I now have two packages ready, one 2.2.0 based for testing (IMHO 2.3.0 should not enter testing in its current state - it is broken upstream) and one 2.3.0 based for unstable which both fix the mentioned security issue. How should I proceed? Upload one to unstable, the other to testing as soon as you are prepared to release the DSA?
best regards, Rene -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]