Hi Torsten,

Torsten Landschoff [2006-07-08 17:42 +0200]:
> > There is a buffer overflow in st.c. Please see
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2754
> >
> > for links to more detailed descriptions and a pointer to the upstream
> > CVS patch.
> >
> > Please mention the CVE number in the changelog when you fix this.
>
> How is the current procedure for security uploads (RTFM pointer is good
> enough)? We can surely provide an updated package for sarge but I fear
> duplicated work with the security team.

Normally the security team is glad to get security updates prepared by the maintainers. Please just mail [EMAIL PROTECTED] with a short description and the CVE number and tell them that you will prepare an update. Then follow up with a source package and they will give you ok to upload or discuss changes with you.

http://www.de.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security has some more details.

Thanks,

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?