On Thu, Dec 1, 2011 at 6:11 AM, wrote: > On the other hand, at least from my point of view, things are not looking so > bright. I have on my watchlist 4 buffer overflows (CVE-2011-3193, > CVE-2011-3194, CVE-2011-1071, CVE-2011-1097), one DoS (CVE-2011-1659) and a > number of lesser problems (#628843, #615118, CVE-2011-1521), most of which > I have at least pinged once, most are around for at least 3 months, some > for more than 6 months. And my selection is a quite limited one.
At least CVE-2011-3194/5 out of your list above are for a package (qt4-x11) that has been declared as not receiving security support. Unfortunately volunteers tend to have limited time, and more help is always appreciated. Even non-DDs can prepare new package updates for future DSAs. Pinging isn't necessarily productive, actual work is. Help with the tracker is also very useful: http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co Best wishes, Mike -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=MNYAG06d8jd3=k9i5dflrwv7jrxvudrpftvtitnjxp...@mail.gmail.com