Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Oct 2012 15:35:25 -0400
From: Michael Gilbert <>
Subject: Re: CVE-2012-2248: isc-dhcp, Debian-specific: build
 path included in PATH

On Wed, Oct 17, 2012 at 8:41 PM, Kurt Seifried wrote:
>> It was uploaded to and affected Debian testing and unstable.
>> Testing has not yet been officially "released", but some people use
>> testing as if it were an official release.  Unstable never gets
>> released.
> When I say released I meant in the sense of made available for
> download, not in the sense of software engineering and doing a proper
> "release".

So, at the risk of sounding nitpicky, the Debian testing + unstable
archives are pretty much equivalent to Fedora rawhide.  Even though
Redhat's position is that issues affecting only rawhide should not get
CVE identifiers, in Debian I think we should try to be more honest, so
we'll assign identifiers to all "uploaded" versions (in Debian, we use
the term upload to mean that a package is available in an archive vice
the term release).

Best wishes,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.