[Pardus-security] Announcement about wrong package versions in last 6 advisories
Eren Türkay
eren at pardus.org.tr
Wed Mar 31 16:10:38 EEST 2010
Hello,

Due to the error in our advisory releasing software, the last 6 advisories
contained wrong package versions. The erroneous advisories which included
wrong package versions are:

[PLSA-2010-40] Pango: Denial of Service
[PLSA-2010-41] Libpng: Denial of Service
[PLSA-2010-42] tar/cpio: Buffer Overflow
[PLSA-2010-43] Curl: Excessive Data Length in Callback Function
[PLSA-2010-44] Php: Multiple Vulnerabilities
[PLSA-2010-45] Apache: Multiple Vulnerabilities

Our advisories contain package information for each Pardus release. Normally,
you would see the "Affected packages" section as:

    Pardus 2009:
    pango, all before 1.26.2-34-10

However, in the last advisories, the section was written as:

    pango-1.26.2-34-10, all before 2009
    pango-1.21.3-28-8, all before 2008

To get the correct package version, the version string after the package name
should be taken into account.

Additionally, the "solution" section was wrongly created. Please only enter
package names while using "pisi up". The version string is not accepted by
pisi.

We are really sorry for this inconvenience and we apologize for it.
--
Eren
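
The correction described in the announcement, as an added example that is not part of the original message or of any Pardus tooling: a small Python parser that rewrites the erroneous lines into the normal layout and builds a `pisi up` command from package names only. The function names are hypothetical, and the parser assumes a version string always has three hyphen-separated fields, as in `1.26.2-34-10`.

```python
import re

# Erroneous shape from the announcement:
#   "<name>-<version string>, all before <Pardus release>"
# Assumption: the version string is three hyphen-separated fields
# (as in "1.26.2-34-10"), so a hyphen inside the package name is kept.
BAD_LINE = re.compile(
    r"^\s*(?P<name>.+)-(?P<ver>[^-\s]+-\d+-\d+),\s*all before\s+(?P<rel>\S+)\s*$"
)

def parse_bad_line(line):
    """Return (pardus_release, package_name, fixed_version) or None."""
    m = BAD_LINE.match(line)
    if m is None:
        return None  # correctly formatted or unrelated line
    return m.group("rel"), m.group("name"), m.group("ver")

def normalize(lines):
    """Rewrite erroneous lines into the normal 'Affected packages' layout."""
    by_release = {}
    for line in lines:
        parsed = parse_bad_line(line)
        if parsed is None:
            continue
        rel, name, ver = parsed
        by_release.setdefault(rel, []).append((name, ver))
    out = []
    for rel in sorted(by_release, reverse=True):  # newest release first
        out.append(f"Pardus {rel}:")
        out.extend(f"{name}, all before {ver}" for name, ver in by_release[rel])
    return out

def upgrade_command(lines):
    """Build a 'pisi up' command from package names only, no version strings."""
    names = []
    for line in lines:
        parsed = parse_bad_line(line)
        if parsed and parsed[1] not in names:
            names.append(parsed[1])
    return "pisi up " + " ".join(names)

# The two erroneous lines quoted in the announcement.
SAMPLE = [
    "pango-1.26.2-34-10, all before 2009",
    "pango-1.21.3-28-8, all before 2008",
]

if __name__ == "__main__":
    print("\n".join(normalize(SAMPLE)))
    print(upgrade_command(SAMPLE))
```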