Hi SRMs,

I just noticed this in http://ftp-master.debian.org/removals.txt :

> [Date: Sun, 20 Jan 2008 00:44:40 +0000] [ftpmaster: Joerg Jaspert]
> Removed the following packages from unstable:
[snip]
> maxdb-7.5.00 | 7.5.00.44-2 | source
[snip]
> Closed bugs: 461456
>
> ------------------- Reason -------------------
> RoM; security issues, upstream closed source
> ----------------------------------------------

Should the maxdb-7.5.00 source package perhaps also be removed from Etch for these reasons? The security bug is #461444 and has CVE number CVE-2008-0244. Upstream has taken the package closed-source and apparently there is no easy fix for the security problems. I don't see any indication that there is an intent to release a security update for the Etch packages.

If you decide to remove maxdb-7.5.00 source package from Etch, the following dependent source packages should also be removed:

libdbd-maxdb-perl (#461479)
php-maxdb (#461480)

The following would not need to be removed for dependency reasons, but they would no longer have any reason to be shipped:

maxdb-doc (#461481)
maxdb-buildtools (#461482)
libsapdbc-java (#461483)

best regards,

-- 
Kevin B. McCarty <kmccarty@gmail.com>
WWW: http://www.starplot.org/
WWW: http://people.debian.org/~kmccarty/
GPG: public key ID 4F83C751