Re: Security response: how are we doing?

To: debian-security@lists.debian.org
Subject: Re: Security response: how are we doing?
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Thu, 1 Dec 2011 19:31:09 -0500
Message-id: <[🔎] CANTw=MNYAG06d8jd3=k9i5dfLRwV7JrxvUdRPfTvTiTnjxpO9g@mail.gmail.com>
In-reply-to: <[🔎] p04kq8-tq6.ln1@anhrefn.saar.de>
References: <4ED44910.3090506@igalia.com> <20111129074009.GA32484@e3_shell_019.private.alderwick.co.uk> <[🔎] p04kq8-tq6.ln1@anhrefn.saar.de>

On Thu, Dec 1, 2011 at 6:11 AM,  wrote:
> On the other hand, at least from my point of view, things are not looking so
> bright. I have on my watchlist 4 buffer overflows (CVE-2011-3193,
> CVE-2011-3194, CVE-2011-1071, CVE-2011-1097), one DoS (CVE-2011-1659) and a
> number of lesser problems (#628843, #615118, CVE-2011-1521), most of which
> I have at least pinged once, most are around for at least 3 months, some
> for more than 6 months. And my selection is a quite limited one.

At least CVE-2011-3194/5 out of your list above are for a package
(qt4-x11) that has been declared as not receiving security support.

Unfortunately volunteers tend to have limited time, and more help is
always appreciated.  Even non-DDs can prepare new package updates for
future DSAs.  Pinging isn't necessarily productive, actual work is.

Help with the tracker is also very useful:
http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: Security response: how are we doing?
  - From: Arne Wichmann <aw@anhrefn.saar.de>

References:
- Re: Security response: how are we doing?
  - From: aw@anhrefn.saar.de

Prev by Date: Re: Bug#645881: critical update 29 available
Next by Date: Professional manufacturer of slewing bearings
Previous by thread: Re: Security response: how are we doing?
Next by thread: Re: Security response: how are we doing?
Index(es):
- Date
- Thread