Bug#308787: CVE IDs

2005-05-16 Thread Joey Hess
Note that this hole has been assigned two CVE IDs:

CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different

I don't quite understand the previous message from Alexis Sukrieh about
needing to wait for some kind of web app policy before fixing these
security holes. The above two CANs affect sarge and need to be fixed.

-- 
see shy jo




Bug#308787: CVE IDs (bugzilla)

2005-05-19 Thread Alexis Sukrieh
* Joey Hess ([EMAIL PROTECTED]) said:
> Note that this hole has been assigned two CVE IDs:
> 
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different

Thanks to upstream collaboration, we now have a working patch for
closing this security issue in the 2.16 branch (the first patch was not
ok for 2.16 [1]).

I backported the full patch from 2.16.10 to our sarge package (2.16.7).
It works pretty well on my sarge box.

The package source is available on my repository:

deb-src http://www.sukria.net/debian ./

I don't know what the best thing to do here is, as this is an update of
the 2.16 package (which is in testing) and our sid package is 2.18...

Maybe a t-p-u?

Cheers.

1: https://bugzilla.mozilla.org/show_bug.cgi?id=294655

-- 
  Alexis Sukrieh <[EMAIL PROTECTED]>
   http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.



Bug#308787: CVE IDs (bugzilla)

2005-05-20 Thread Francesco Paolo Lovergine
On Thu, May 19, 2005 at 05:26:50PM +0200, Alexis Sukrieh wrote:
> 
> The package source is available on my repository:
> 
> deb-src http://www.sukria.net/debian ./
> 
> I don't know what the best thing to do here is, as this is an update of
> the 2.16 package (which is in testing) and our sid package is 2.18...
> 
> Maybe a t-p-u?
> 

sid has had 2.18 for a while now, so the only possibility is indeed t-p-u...

-- 
Francesco P. Lovergine





Bug#308787: CVE IDs (bugzilla)

2005-05-21 Thread Steve Langasek
On Thu, May 19, 2005 at 05:26:50PM +0200, Alexis Sukrieh wrote:
> * Joey Hess ([EMAIL PROTECTED]) said:
> > Note that this hole has been assigned two CVE IDs:

> > CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
> > CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different

> Thanks to upstream collaboration, we now have a working patch for
> closing this security issue in the 2.16 branch (the first patch was not
> ok for 2.16 [1]).

> I backported the full patch from 2.16.10 to our sarge package (2.16.7).
> It works pretty well on my sarge box.

> The package source is available on my repository:

> deb-src http://www.sukria.net/debian ./

> I don't know what the best thing to do here is, as this is an update of
> the 2.16 package (which is in testing) and our sid package is 2.18...

> Maybe a t-p-u?

Yes, either t-p-u, or testing-security with the approval of the security
team.

-- 
Steve Langasek
postmodern programmer




Bug#308788: Bug#308787: CVE IDs

2005-05-17 Thread Alexis Sukrieh
* Joey Hess ([EMAIL PROTECTED]) said:
> Note that this hole has been assigned two CVE IDs:
> 
> CAN-2005-1564 post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows
> CAN-2005-1563 Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different
> 
> I don't quite understand the previous message from Alexis Sukrieh about
> needing to wait for some kind of web app policy before fixing these
> security holes. The above two CANs affect sarge and need to be fixed.

You are perfectly right. I just wasn't aware of the fact that those
security issues did affect sarge; I was focused on the unstable 2.18
package. My fault.

Rest assured that providing a safe package for sarge is now my top
priority.

Thanks a lot for the report Joey.


-- 
  Alexis Sukrieh <[EMAIL PROTECTED]>
   http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.