Re: Please remove knowledgetree and slash for security issues
Steve Langasek wrote:
>> Steve Langasek wrote:
>> > In the meantime, I'm downgrading 160579 because I don't see anything in=
>> > report that would justify claiming the package is unreleasable.
>> It's also vulnerable to CVE-2004-2656 (no bug seems to exist) and
>> CVE-2001-1535 (328927).
> FWIW, of all of these the one that looks most serious to me is the one that
> doesn't have a bug filed for it yet. :)
CVE-2004-2656 should get fixed for Etch, the rest isn't terribly serious.
> Can you explain which of these bugs
> you think justify removing the package from a release, and why?
It has a marginal user base and seems unmaintained, I'm not sure if it's
worth carrying around; but I don't have objections security-wise.