Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
From: Michael Gilbert <mgilbert () debian org>
Date: Thu, 18 Oct 2012 15:35:25 -0400

On Wed, Oct 17, 2012 at 8:41 PM, Kurt Seifried wrote:
It was uploaded to and affected Debian testing and unstable.
Testing has not yet been officially "released", but some people use
testing as if it were an official release.  Unstable never gets

When I say released I meant in the sense of made available for
download, not in the sense of software engineering and doing a proper

So, at the risk of sounding nitpicky, the Debian testing + unstable
archives are pretty much equivalent to Fedora rawhide.  Even though
Redhat's position is that issues affecting only rawhide should not get
CVE identifiers, in Debian I think we should try to be more honest, so
we'll assign identifiers to all "uploaded" versions (in Debian, we use
the term upload to mean that a package is available in an archive vice
the term release).

Best wishes,

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]