(Thanks for CCing me on your replies)

On 2008-12-01 at 10:55:33, Nico Golde wrote:
> No it's not. We marked this as unimportant in the security
> tracker as this is only an unused test script:
> http://security-tracker.debian.net/tracker/CVE-2008-5147

Great. By the way, is there a way for me to "subscribe" one way or another
to receive a notification whenever one of my packages has a CVE associated
with it?

> Ok that's fine. Please ping us in this case with the version 
> so we can mark it as fixed in the security tracker.

I have uploaded docvert 3.4-7 to unstable and requested a freeze exception
for lenny.

The debdiff is attached to this email in case you're interested.

Cheers,
Francois
diff -u docvert-3.4/debian/rules docvert-3.4/debian/rules
--- docvert-3.4/debian/rules
+++ docvert-3.4/debian/rules
@@ -43,6 +43,7 @@
 	cp -r $(CURDIR)/generator-pipeline $(CURDIR)/debian/docvert/usr/share/docvert/
 	cp -r $(CURDIR)/pipeline $(CURDIR)/debian/docvert/usr/share/docvert/
 	cp -r $(CURDIR)/core $(CURDIR)/debian/docvert/usr/share/docvert/
+	rm $(CURDIR)/debian/docvert/usr/share/docvert/core/lib/pyodconverter/test-pipe-to-pyodconverter.org.sh
 	rm -rf $(CURDIR)/debian/docvert/usr/share/docvert/core/lib/fckeditor
 	rm -rf $(CURDIR)/debian/docvert/usr/share/docvert/core/lib/pclzip-2.6
 	rm -rf $(CURDIR)/debian/docvert/usr/share/docvert/core/lib/jodconverter/
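
Review bot: the added line uses plain "rm" while the neighbouring removals use "rm -rf", so if a later upstream release renames or drops test-pipe-to-pyodconverter.org.sh the build will stop at this line. If that is intended as a prompt to re-check whether the script still ships, a comment above the line saying so and naming CVE-2008-5147 would record the reason next to the command; otherwise "rm -f" would match the other lines.
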
diff -u docvert-3.4/debian/changelog docvert-3.4/debian/changelog
--- docvert-3.4/debian/changelog
+++ docvert-3.4/debian/changelog
@@ -1,3 +1,9 @@
+docvert (3.4-7) unstable; urgency=high
+
+  * Remove unused but possibly vulnerable test script (CVE-2008-5147)
+
+ -- Francois Marier <[EMAIL PROTECTED]>  Mon, 01 Dec 2008 23:26:22 +1300
+
 docvert (3.4-6) unstable; urgency=high
 
   * docvert-openoffice.org needs to depend on docvert
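
Review bot: the 3.4-7 entry does not name the script that was removed. Naming core/lib/pyodconverter/test-pipe-to-pyodconverter.org.sh in the entry would let someone reading the changelog match it to the debian/rules change and confirm the file is gone from the installed package without opening the diff.
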