Date: Thu, 18 Oct 2012 15:35:25 -0400 From: Michael Gilbert <mgilbert@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH On Wed, Oct 17, 2012 at 8:41 PM, Kurt Seifried wrote: >> It was uploaded to and affected Debian testing and unstable. >> Testing has not yet been officially "released", but some people use >> testing as if it were an official release. Unstable never gets >> released. > > When I say released I meant in the sense of made available for > download, not in the sense of software engineering and doing a proper > "release". So, at the risk of sounding nitpicky, the Debian testing + unstable archives are pretty much equivalent to Fedora rawhide. Even though Redhat's position is that issues affecting only rawhide should not get CVE identifiers, in Debian I think we should try to be more honest, so we'll assign identifiers to all "uploaded" versions (in Debian, we use the term upload to mean that a package is available in an archive vice the term release). Best wishes, Mike
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.