digging CVEs

Sometimes I check security-tracker to find problems that are already fixed but not tagged as such.

Today, I found problems that are not in the unstable package but are not tagged as fixed for Eucalyptus, because it was removed from unstable once but re-introduced to the archive again, and the data in security-tracker was not updated as well. So I updated it (CVE-2010-3905 and CVE-2011-0730).

I also found that a vulnerability in firebird2.5 was fixed in upstream svn, so I picked it, made it into a patch, and just reported it to the BTS (for squeeze, too).

For isc-dhcp, it has a vulnerability from BIND9... I was surprised, but dhcp has included bind9 source since 4.2, so the BIND9 vulnerability affects isc-dhcp. I picked a diff from bind9 for the squeeze security update and made a patch (Bug#698597).

