Hi Mike,

On Monday 21 February 2011 02:30:25 Michael Gilbert wrote:
> I fixed the current poppler security issue a while back before
> squeeze was released and sent a mail, but never heard anything. I've
> just rebuilt a squeeze update. See:
> http://mentors.debian.net/pool/main/p/poppler
>
> Should this get a DSA?

Thanks for your work. I do not believe this needs a DSA because according to Dan, "the chance of being able to exploit this for anything other than a crash is very remote". We can roll it up when another poppler issue comes up in the future.

I see that for sid 0.16.2 is already pending so I've sent a followup mail to the BTS to ask for the CVE IDs to be included in the changelog.

> I wonder if it would help to set up a security.debian.org bug tracker
> (similar to the release.debian.org [0]) so stuff like this doesn't get
> lost?

We already have a bug tracker, which is rt.debian.org. You may file issues there at will. We're now just starting with the new 'front desk' rotating schedule - one of the tasks of the front desk is to ensure issues like this end up in RT.

Cheers,
Thijs

