On Mon, 29 Jun 2009 14:39:10 -0400 Michael S. Gilbert wrote:

> On Mon, 29 Jun 2009 20:14:59 +0200, Francesco Poli wrote:
> > Great!
> > Only
> > 
> > http://security-tracker.debian.net/tracker/CVE-2009-1392
> > http://security-tracker.debian.net/tracker/CVE-2009-0146
> > 
> > seem to be unfixed, now.
> 
> should be fixed now.

Yes, I can confirm that!  :-)
Thank you very much.

> 
> > As far as sid is concerned, I think vulnerabilities should be marked as
> > fixed too, as appropriate (or does this have bad consequences?):
> 
> yes these should be fixed, and i have done so.

Great!  I can confirm that everything seems to be fine now.

> there should be no
> negative consequences as long as the maintainers make sure to retain the
> debian patches for this when new upstream versions are brought in.

How can we make sure that those Debian patches, as long as they are
still needed, are retained for new upstream versions, when they are
packaged?



Moreover, how can we make sure that packages fixed in stable and
testing, but not in unstable, get fixed in unstable too, before a new
version migrates from unstable to testing?
Maybe by filing appropriate RC bugs?


-- 
 New location for my website! Update your bookmarks!
 http://www.inventati.org/frx
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
