Re: Security response: how are we doing?

2011-12-02 Thread Arne Wichmann
begin quotation from Michael Gilbert (in CANTw=MNYAG06d8jd3=k9i5dflrwv7jrxvudrpftvtitnjxp...@mail.gmail.com):
> On Thu, Dec 1, 2011 at 6:11 AM, wrote:
> > On the other hand, at least from my point of view, things are not looking so
> > bright. I have on my watchlist 4 buffer overflows (CVE-2011-3193,
> > CVE-2011-3194, CVE-2011-1071, CVE-2011-1097), one DoS (CVE-2011-1659) and a
> > number of lesser problems (#628843, #615118, CVE-2011-1521), most of which
> > I have at least pinged once, most are around for at least 3 months, some
> > for more than 6 months. And my selection is a quite limited one.
>
> At least CVE-2011-3194/5 out of your list above are for a package
> (qt4-x11) that has been declared as not receiving security support.

I must have missed that. Where is it documented?

> Unfortunately volunteers tend to have limited time, and more help is
> always appreciated.  Even non-DDs can prepare new package updates for
> future DSAs.  Pinging isn't necessarily productive, actual work is.

I am aware of that.

> Help with the tracker is also very useful:
> http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co

And that.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. No one can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)




Re: Bug#645881: critical update 29 available

2011-12-02 Thread Andrea Zwirner

On 01/12/2011 21:47, Florian Weimer wrote:

> * Moritz Mühlenhoff:
>
> > Florian, what's the status of openjdk6 for stable/oldstable?
>
> I've released the pending update for squeeze.  lenny will eventually
> follow, and so will the pending updates for squeeze, but judging by my
> past performance, it will take a while.
>
> If someone else wants to work on these updates, I'll gladly share what
> I've learnt about the packaging.

I would also be very happy to help, if possible.

I'm not a Debian expert, but I'm quite smart with Linux (I've used 
Slackware and Gentoo until this year) and since I feel sooo comfortable 
with Debian I really would like to delve into the distribution internals 
and, why not, help the security team! :-)


So, if you think I can help you, just let me know how.

Andrea

--
*Andrea Zwirner*
*email:* and...@linkspirit.org
*cell:* +39 366 1872016

*Linkspirit Sistemi Informatici*
/Refined applications of computer science/
Via Delle Industrie 5 - 33050 Ronchis UD
*tel:* +39 0432 1845030 - *fax:* +39 0432 309903
*web:* www.linkspirit.it - *email:* i...@linkspirit.it