Re: dtoa embeddings

2009-12-03 Thread Jakub Wilk

* Moritz Muehlenhoff , 2009-12-03, 22:48:

Hi,
please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518927

If someone has time, please check the packages mentioned there
and add it to embedded-code-copies. There might be yet undiscovered
occurrences of CVE-2009-0689.


Added these and some more. (I checked merely presence of the code, not 
if the code is actually used.)


--
Jakub Wilk




Re: [Secure-testing-commits] r13252 - data

2009-11-09 Thread Jakub Wilk

* Thijs Kinkhorst , 2009-11-09, 20:56:

NOTE: embeds msgfmt.py script
-   - mailman  (embed)
+   - mailman  (embed; #555416)
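
Review bot: the added `- mailman  (embed; #555416)` line attaches a bug number, but the NOTE above it only says the package embeds the msgfmt.py script and does not say whether that copy is ever executed. Consider adding a second NOTE stating whether the embedded script is used at runtime, so a reader of the file can judge exposure without opening the bug.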


Although this is installed into the Debian package, it is never used and not
installed into the path. What is the risk here? I can see to removing it in a
next release purely because it's cruft, but do not see the added value of
putting it on the embedded code copies list.


We are already documenting things that are no security risk at all (like 
stuff fixed way before etch) and I strongly believe that is the right 
thing to do. The whole point of this file is to make obvious which 
versions are affected (even if none actually are).


That said, this entry should be probably marked as .

--
Jakub Wilk




MBF: embedded copies of Python modules

2009-11-08 Thread Jakub Wilk
zope.testing (U)
zope2.10 (U)
zope2.11 (U)

Jelmer Vernooij 
bzr (U)

Michael Vogt 
smart

Rob Weir 
bzr (U)

Jonathan Wiltshire 
rednotebook

Alexander Zangerl 
duplicity

Bernd Zeimetz 
ipython (U)
pywbem (U)
zope2.10 (U)
zope2.11 (U)

Enrico Zini 
turbogears (U)


--
Jakub Wilk




Embedded code copies [was: Re: r13147 - data]

2009-11-01 Thread Jakub Wilk
[Please cc me if you reply to *-commits. Or just reply to 
debian-security-tracker, which seems a better place for discussion. :)]


* Michael Gilbert , 2009-10-29, 12:50:

Jakub, your code copy triage is immensely useful.  as a suggestion, if
you have the time, you could make a larger impact by also submitting
bug reports since the goal ultimately is to eliminate the embeds (if
possible). 


In fact I plan to do some MBF in the near future.

--
Jakub Wilk

