[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]
Warren Togami
wtogami at redhat.com
Fri Aug 14 14:19:24 EDT 2009
On 08/14/2009 01:49 PM, Ari Pollak wrote:
> Is there a CVE number for this yet? I couldn't seem to find any in my
> history. Also, if the patch isn't going to be finalized soon, can we
> delay the unemargo date to give people time to prepare packages?
This current situation is lacking clarity.
* It is not clear we have a CVE number.
* It is not clear if 2.5.9 is happening. If it is happening, who is
doing it? Will the official tarball be cut a few days early without a
mtn checkin?
We are already past the point where we can comfortably build a binary
and give QA adequate time to verify it before embargo lift day.
Could we please move the embargo day to Thursday, August 20th?
Even then, we would need the 2.5.9 tarball and CVE number today.
Warren
More information about the Packagers
mailing list