
Bug#698735: CVE-2012-5530

To: Nathan Scott <nathans@xxxxxxxxxx>, 698735@xxxxxxxxxxxxxxx
Subject: Bug#698735: CVE-2012-5530
From: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Date: Fri, 5 Apr 2013 07:09:08 +0200
Cc: Moritz Muehlenhoff <jmm@xxxxxxxxxx>
Delivered-to: pcp@xxxxxxxxxxx
In-reply-to: <657662723.22188559.1363736939188.JavaMail.root@xxxxxxxxxx>
Original-sender: Salvatore Bonaccorso <salvatore.bonaccorso@xxxxxxxxx>
References: <2015547664.12675730.1359416443054.JavaMail.root@xxxxxxxxxx> <657662723.22188559.1363736939188.JavaMail.root@xxxxxxxxxx>
Reply-to: Salvatore Bonaccorso <carnil@xxxxxxxxxx>, 698735@xxxxxxxxxxxxxxx
Resent-cc: PCP Development Team <pcp@xxxxxxxxxxx>
Resent-date: Fri, 05 Apr 2013 05:12:01 +0000
Resent-from: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Resent-message-id: <handler.698735.B698735.136513855827143@xxxxxxxxxxxxxxx>
Resent-sender: Debian BTS <debbugs@xxxxxxxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx
Sender: Salvatore Bonaccorso <salvatore.bonaccorso@xxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)
# fixed in 3.6.10 upstream, first upload to Debian with 3.7.1
Control: fixed -1 3.7.1

Hi Nathan

On Tue, Mar 19, 2013 at 07:48:59PM -0400, Nathan Scott wrote:
> Hi all,
> 
> This is not getting any traction & in danger of being forgotten -
> can anyone help out who knows the security update build process?
> The patches have been prepared, tested, and are ready in the git
> tree (below) - but I need some help to get it over the line.
> 
> thanks!!

Only an update... In the security-tracker CVE-2012-5530[1] was marked
as no-dsa. This means there will not be a security announce update via
stable-security. But could you prepare a fix for it for Squeeze via a
stable-proposed-updates?

See [2] for further information on that.

 [1]: https://security-tracker.debian.org/tracker/CVE-2012-5530
 [2]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Does this help?

p.s.: Don't know if it was discussed previously already, with 2.8.0
upload the package is now a Debian native package. See [3]. Was this
intentional? Or would it be possible to convert the package to a
non-native source package?

 [3]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#sourcelayout

Thanks for your work done!

Regards,
Salvatore
