[Openvas-distro-deb] Bug#641327: Bug#641327: CVE-2011-3351: Insecure tempfile
Moritz Mühlenhoff
jmm at inutil.org
Wed Dec 28 11:29:44 CET 2011
On Tue, Sep 13, 2011 at 09:36:32PM +0200, Moritz Muehlenhoff wrote:
> On Tue, Sep 13, 2011 at 02:14:24AM +0200, Javier Fernandez-Sanguino wrote:
> > On 12 September 2011 19:12, Moritz Muehlenhoff <jmm at debian.org> wrote:
> > > Please see http://seclists.org/oss-sec/2011/q3/429 for details.
> >
> > I will review the fix and apply (or backport it) to the openvas-server
> > (2.x series in unstable) and the openvas-scanner (3.x series in
> > experimental).
>
> Thanks for your verbose analysis.
>
> > Moritz, do you believe this bug merits a DSA? Please let me know, I
> > can also provide compiled packages for Wheezy if needed be.
>
> No, this doesn't warrant a DSA. We can either postpone it until a more
> severe OpenVAS issue is found we it can be fixed through a point update.
>
> I'm adding Jonathan Wiltshire to CC. He's coordinating the minor
> security fixes, which get fixed through stable-proposed-updates.
Javier,
can you fix this for the upcoming 6.0.4 point update?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
Cheers,
Moritz
More information about the Openvas-distro-deb
mailing list