public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] Re: [gentoo-security] GLSA:  net-ftp/proftpd(200309-16)
From: Ned Ludd @ 2003-09-29 16:34 UTC (permalink / raw
  To: Thomas T. Veldhouse; +Cc: Daniel Ahlberg, gentoo-security, gentoo-dev

I would have to 100% disagree with you on this.

GLSAs are to keep the end user informed about security updates. The
pure existence of a security update alone should not dictate that a
package is stable. Standard Q/A must still apply.

x86 was just bumped to stable btw.



On Mon, 2003-09-29 at 11:50, Thomas T. Veldhouse wrote:
> True, but that is not acceptable for me (or many admins I suspect).  An
> unstable/testing security fix is itself a security risk, otherwise, it
> should be marked stable (as anything sent out in a GLSA should be IMHO).
> 
> Tom Veldhouse
> 
> ----- Original Message -----
> From: "Ned Ludd" <solar@gentoo.org>
> To: "Thomas T. Veldhouse" <veldy@veldy.net>
> Cc: "Daniel Ahlberg" <aliz@gentoo.org>; <gentoo-security@gentoo.org>
> Sent: Monday, September 29, 2003 10:39 AM
> Subject: Re: [gentoo-security] Re: [gentoo-announce] GLSA:
> net-ftp/proftpd(200309-16)
> 
> net-ftp/proftpd has not been marked stable in the portage tree as of
> yet, you can however merge it if you're accepting ~arch keywords.
> 
> ACCEPT_KEYWORDS="x86 ~x86" emerge '>=net-ftp/proftpd-1.2.9_rc2'
> When we get a few end user reports of it working we will mark it as
> stable.
> 
> On Mon, 2003-09-29 at 10:47, Thomas T. Veldhouse wrote:
> > This is not adequate for a Gentoo stable system!
> >
> > # emerge '>=net-ftp/proftpd-1.2.9_rc2'
> > Calculating dependencies
> > !!! all ebuilds that could satisfy ">=net-ftp/proftpd-1.2.9_rc2" have been
> > masked.
> >
> > !!! Error calculating dependencies. Please correct.
> >
> > Tom Veldhouse
> >
> > ----- Original Message -----
> > From: "Daniel Ahlberg" <aliz@gentoo.org>
> > To: <gentoo-announce@gentoo.org>; <bugtraq@securityfocus.com>;
> > <full-disclosure@lists.netsys.com>
> > Sent: Monday, September 29, 2003 9:23 AM
> > Subject: [gentoo-announce] GLSA: net-ftp/proftpd (200309-16)
> >
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> >
> > - ------------------------------------------------------------------------
> > > GENTOO LINUX SECURITY ANNOUNCEMENT 200309-16
> >
> > - ------------------------------------------------------------------------
> > >           PACKAGE : net-ftp/proftpd
> > >           SUMMARY : ASCII File Remote Compromise Vulnerability
> > >              DATE : 2003-09-28 00:37 UTC
> > >           EXPLOIT : remote
> > > VERSIONS AFFECTED : <proftpd-1.2.9_rc2
> > >     FIXED VERSION : =proftpd-1.2.9_rc2
> > >     GENTOO BUG ID : 29452
> > >               CVE : none that we are aware of at this time
> >
> > - ------------------------------------------------------------------------
> > >
> > > SUMMARY:
> > >
> > >  ISS X-Force discovered a vulnerability that could be triggered when a
> > >  specially crafted file is uploaded to a proftpd server.
> > >
> > >  Read the full advisory at:
> > >   http://www.proftpd.org/
> > >
> > > SOLUTION:
> > >
> > >  It is recommended that all Gentoo Linux users who are running
> > >  net-ftp/proftpd upgrade to proftpd-1.29_rc2 as follows
> > >
> > >  emerge sync
> > >  emerge '>=net-ftp/proftpd-1.2.9_rc2'
> > >  emerge clean
> > >
> >
> > - - - --------------------------------------------------------------------
> > -
> > > solar@gentoo.org
> > > aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
> >
> > - - - --------------------------------------------------------------------
> > -
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.2.3 (GNU/Linux)
> > >
> > > iD8DBQE/eEBbfT7nyhUpoZMRArDnAKCFlLbPmeC/S05/0EG1pqJc9BbClACgjPY6
> > > OintOPB6pXf211OQxsUC7Tg=
> > > =+hmK
> > > -----END PGP SIGNATURE-----
> > >
> >
-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux Developer
