Hi, currently there is one medium severe security issue in the dcc software (CVE-2007-1047[0]) which is currently unfixed in all Debian distributions. I had a private conversation[1] with the upstream author of dcc and the result of this was that backporting this fix to the versions included in Debian is not possible because there are way too many changes between the version to extract the relevant changes from the diff without having a deep knowledge of what the code does. So we can't backport a fix and we also don't get patches by the upstream author. Considering that this also does have a negative impact on the DCC network itself, what do you think about removing this package from stable? Kind regards Nico [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1047 [1] https://rt.debian.org/Ticket/Display.html?id=423 -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpbisWdBrjs0.pgp
Description: PGP signature