Remote crash in Finch

Ethan Blanton elb at
Tue Feb 9 13:03:44 EST 2010

Sadrul Habib Chowdhury spake unto us the following wisdom:
> How do we deal with this issue? From the looks of things, it appears
> the remote exploitability in finch is still 'unknown', and we can
> probably get away with a scheduled release of 2.6.6 in a week's time. In
> the meantime, I believe we should request for a CVE# and notify the
> packagers?

Agreed on all points, assuming we actually release 2.6.6 in a timely

Josh Bressers can issue us a CVE on the spot for non-disclosed issues,
and (I believe) he is on packagers at .


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <>

More information about the security mailing list