Re: Positive press for Debian's security team

To: debian-security@lists.debian.org
Subject: Re: Positive press for Debian's security team
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 7 Apr 2004 10:41:24 +0200
Message-id: <[🔎] 20040407084124.GA4717@deneb.enyo.de>
In-reply-to: <[🔎] 20040406183918.GU799@alcor.net>
References: <3CE8E66CCD5A9E44A31436D8774C89E90225A906@nzlsm201.nz.eds.com> <20040330233206.GB16199@bittwiddlers.com> <20040331072238.GA2904@deneb.enyo.de> <[🔎] 20040406183918.GU799@alcor.net>

Matt Zimmerman wrote:

> On Wed, Mar 31, 2004 at 09:22:38AM +0200, Florian Weimer wrote:
> 
> > Chad Waters wrote:
> > 
> > > Better metric: fix time from vendor's notification date
> > 
> > The last DSA was released with a delay of 2.5 years...
> 
> No idea what you are talking about.

http://cert.uni-stuttgart.de/advisories/postgresql_pam_nss.php
http://www.debian.org/security/2004/dsa-469

The package wasn't part of potato, that's why the Security Team wasn't
involved.  Apparently, the maintainer failed to fix those bugs and the
broken version (or a subsequent one) was released with woody.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: postino.it, tiscali.co.uk, tiscali.cz, tiscali.it,
voila.fr.

Reply to:

Follow-Ups:
- Re: Positive press for Debian's security team
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: Positive press for Debian's security team
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9
Next by Date: can't see anything with 'w'
Previous by thread: Re: Positive press for Debian's security team
Next by thread: Re: Positive press for Debian's security team
Index(es):
- Date
- Thread