Re: Positive press for Debian's security team
Matt Zimmerman wrote:
> On Wed, Mar 31, 2004 at 09:22:38AM +0200, Florian Weimer wrote:
>
> > Chad Waters wrote:
> >
> > > Better metric: fix time from vendor's notification date
> >
> > The last DSA was released with a delay of 2.5 years...
>
> No idea what you are talking about.
http://cert.uni-stuttgart.de/advisories/postgresql_pam_nss.php
http://www.debian.org/security/2004/dsa-469
The package wasn't part of potato, that's why the Security Team wasn't
involved. Apparently, the maintainer failed to fix those bugs and the
broken version (or a subsequent one) was released with woody.
--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: postino.it, tiscali.co.uk, tiscali.cz, tiscali.it,
voila.fr.
Reply to: