Simon Josefsson | 15 Apr 2008 14:38

request of audit of 'shishid'

Hi,

I read Steve's blog entry about requesting audit of new packages here.
I've maintained debian packages for Shishi for a while, so it isn't
strictly a new package, but I do appreciate code audits of it.  Shishi
contains shishid which is a network daemon started by root so it is a
good target to inspect for security problems.

You can download upstream source code from
<http://josefsson.org/shishi/release/> or browse it in git:

http://git.savannah.gnu.org/gitweb/?p=shishi.git;a=tree;f=src;hb=HEAD

In particular, the shishid daemon code is in:

http://git.savannah.gnu.org/gitweb/?p=shishi.git;a=blob;f=src/shishid.c;hb=HEAD

I could describe in detail how the work is intended to work, but I
suspect it is better to have a clean mindset when doing audits.  Ask if
there is anything unclear.

The PTS entry for shishi is:

http://packages.qa.debian.org/s/shishi.html

/Simon

أحمد المحمودي | 17 Apr 2008 20:43

acon package needs audit

Hello,

  I have been told on #debian-security that acon (a package that I 
  maintain) needs audit.

  The package can be found at:
  http://mentors.debian.net/debian/pool/main/a/acon/acon_1.0.5-7.dsc

-- 
 أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
  SySDSoft, Inc.
 GPG KeyID: 0x9DCA0B27 ( <at>  subkeys.pgp.net)
 GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C  156E D325 C3C8 9DCA 0B27

brian m. carlson | 17 Apr 2008 21:31

Re: acon package needs audit

On Thu, Apr 17, 2008 at 08:43:25PM +0200, أحمد المحمودي wrote:
>Hello,
>
>  I have been told on #debian-security that acon (a package that I 
>  maintain) needs audit.

Yes, it does.  I just found a security bug after looking for two 
minutes.

What's the standard procedure for a package that is in testing/unstable 
but not in stable?

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Nico Golde | 17 Apr 2008 21:58

Re: acon package needs audit

Hi,
* brian m. carlson <sandals <at> crustytoothpaste.ath.cx> [2008-04-17 21:40]:
> On Thu, Apr 17, 2008 at 08:43:25PM +0200, أحمد المحمودي wrote:
> > I have been told on #debian-security that acon (a package that I maintain) 
> > needs audit.
> 
> Yes, it does.  I just found a security bug after looking for two minutes.
> 
> What's the standard procedure for a package that is in testing/unstable but not 
> in stable?

File a bug if the version in unstable/testing is affected.
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion <at> jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Steve Kemp | 17 Apr 2008 21:59

Re: acon package needs audit

On Thu Apr 17, 2008 at 19:31:40 +0000, brian m. carlson wrote:

>>  I have been told on #debian-security that acon (a package that I  
>> maintain) needs audit.
>
> Yes, it does.  I just found a security bug after looking for two  
> minutes.
>
> What's the standard procedure for a package that is in testing/unstable  
> but not in stable?

  Either report a bug to the maintainer, who will pass it on, or
 file a public bug in the BTS.

  The testing security team could also be an alternate person
 to contact.

  PS.  Good catch!

Steve
-- 
Managed Anti-Spam Service
http://mail-scanning.com/

