new team: motu-swat

Stefan Potyra sistpoty at ubuntu.com
Fri Jan 12 15:04:29 GMT 2007


Hi,

Am Freitag 12 Januar 2007 06:57 schrieb Kees Cook:
>
> One thing I'd like to figure out is some way to publicize universe
> security updates more widely.  One place that collects the "recent
> package updates" is the Ubuntu Weekly Newsletter.  There's a Security
> Updates section which catches USNs (for main), and an Updates section
> which catches notifications sent to the $RELEASE-changes mailing list,
> but since security uploads are done kind of side-ways, they seem to
> bypass the -changes mailing lists (and as a result, the Newsletter).

hm... I could collect the info from the bug-mails to which motu-swat is 
subscribed and do a small summary each two weeks or so, which UWN could then 
pick up. However for this to work it's very helpful if you follow some simple 
rules for bugs:

* a fix has been released (either via USN, or normal upload/sync if it's a 
feisty one): Mark the bug for the distribution as Fix released *and* leave a 
comment that it's fixed and in which distribution (or even better: the 
changes mail/file, see e.g. acroread bug).
(I cannot track otherwise if the fix has been released a long time ago 
already)

* an older version ubuntu version is not vulnerable, but has been targeted: 
Reject this instance of the bug. (e.g. gallery2).


Here the most recent fixes:

dokuwiki (dapper): CVE 2006-2878, CVE 2006-2945, CVE 2006-5098, CVE 2006-5099
https://launchpad.net/bugs/45887

acroread (feisty): CVE 2007-0045, CVE 2007-0046
https://launchpad.net/bugs/78339

gallery2 (dapper): CVE 2006-1219
https://launchpad.net/ubuntu/+source/gallery2/+bug/35528

clamav (dapper, edgy): CVE 2006-6406
https://launchpad.net/ubuntu/+source/clamav/+bug/76374

vnc4 (dapper, edgy): CVE 2006-2369
https://launchpad.net/ubuntu/+source/vnc4/+bug/77383
Note: regression in edgy?


>
> Thanks motu-swat!  :)

Thanks for your support ;).

Cheers,
   Stefan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/ubuntu-motu/attachments/20070112/d72bf1c9/attachment.pgp 


More information about the Ubuntu-motu mailing list