new team: motu-swat
Stefan Potyra
sistpoty at ubuntu.com
Fri Jan 12 15:04:29 GMT 2007
Hi,
Am Freitag 12 Januar 2007 06:57 schrieb Kees Cook:
>
> One thing I'd like to figure out is some way to publicize universe
> security updates more widely. One place that collects the "recent
> package updates" is the Ubuntu Weekly Newsletter. There's a Security
> Updates section which catches USNs (for main), and an Updates section
> which catches notifications sent to the $RELEASE-changes mailing list,
> but since security uploads are done kind of side-ways, they seem to
> bypass the -changes mailing lists (and as a result, the Newsletter).
hm... I could collect the info from the bug-mails to which motu-swat is
subscribed and do a small summary each two weeks or so, which UWN could then
pick up. However for this to work it's very helpful if you follow some simple
rules for bugs:
* a fix has been released (either via USN, or normal upload/sync if it's a
feisty one): Mark the bug for the distribution as Fix released *and* leave a
comment that it's fixed and in which distribution (or even better: the
changes mail/file, see e.g. acroread bug).
(I cannot track otherwise if the fix has been released a long time ago
already)
* an older version ubuntu version is not vulnerable, but has been targeted:
Reject this instance of the bug. (e.g. gallery2).
Here the most recent fixes:
dokuwiki (dapper): CVE 2006-2878, CVE 2006-2945, CVE 2006-5098, CVE 2006-5099
https://launchpad.net/bugs/45887
acroread (feisty): CVE 2007-0045, CVE 2007-0046
https://launchpad.net/bugs/78339
gallery2 (dapper): CVE 2006-1219
https://launchpad.net/ubuntu/+source/gallery2/+bug/35528
clamav (dapper, edgy): CVE 2006-6406
https://launchpad.net/ubuntu/+source/clamav/+bug/76374
vnc4 (dapper, edgy): CVE 2006-2369
https://launchpad.net/ubuntu/+source/vnc4/+bug/77383
Note: regression in edgy?
>
> Thanks motu-swat! :)
Thanks for your support ;).
Cheers,
Stefan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/ubuntu-motu/attachments/20070112/d72bf1c9/attachment.pgp
More information about the Ubuntu-motu
mailing list