Bug#481231: marked as done (RM: maxdb-7.5.00/stable -- ROST; Unfixable security bug, upstream went non-free)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 26 Jul 2008 10:17:30 +0000
with message-id <E1KMgqA-0007ws-Mh@ries.debian.org>
and subject line Bug#481231: fixed
has caused the Debian Bug report #481231,
regarding RM: maxdb-7.5.00/stable -- ROST; Unfixable security bug, upstream went non-free
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
481231: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481231
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: RM: maxdb-7.5.00/stable -- ROST; Unfixable security bug, upstream went non-free
• From: "Kevin B. McCarty" <kmccarty@debian.org>
• Date: Wed, 14 May 2008 10:47:00 -0700
• Message-id: <482B2594.8000407@debian.org>

Package: release.debian.org
Severity: important

Dear Stable Release Managers,

as discussed on debian-release [1] and acked by Security Team [2],
please remove source package "maxdb-7.5.00" and related packages (listed
below) from Etch.  Maxdb has a serious security bug [3,4] which is
basically unfixable according to the erstwhile maintainer [5], and has
already been removed from Sid [5].  No support from upstream is expected
as they took the package closed-source.

[1] http://lists.debian.org/debian-release/2008/05/msg00136.html
[2] http://lists.debian.org/debian-release/2008/05/msg00234.html
[3] http://bugs.debian.org/461444
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0244
[5] http://bugs.debian.org/461456

The following source packages have dependencies on maxdb and should also
be removed from Etch (as has already occurred in Sid).  (Numbers in
parentheses are the bug number for the removal request from Sid.)

libdbd-maxdb-perl (#461479)
php-maxdb (#461480)

The following source packages have no reason to be shipped in Etch once
maxdb is removed, so they should also probably be removed:

maxdb-doc (#461481)
maxdb-buildtools (#461482)
libsapdbc-java (#461483)

Thanks and best regards,

-- 
Kevin B. McCarty <kmccarty@gmail.com>
WWW: http://www.starplot.org/
WWW: http://people.debian.org/~kmccarty/
GPG: public key ID 4F83C751

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

• To: 481231-close@bugs.debian.org
• Cc: maxdb-7.5.00@packages.debian.org, maxdb-7.5.00@packages.qa.debian.org
• Subject: Bug#481231: fixed
• From: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>
• Date: Sat, 26 Jul 2008 10:17:30 +0000
• Message-id: <E1KMgqA-0007ws-Mh@ries.debian.org>

We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

libsqldbc75 | 7.5.00.34-7 | amd64, i386, ia64
libsqldbc75-dev | 7.5.00.34-7 | amd64, i386, ia64
libsqlod75 | 7.5.00.34-7 | amd64, i386, ia64
libsqlod75-dev | 7.5.00.34-7 | amd64, i386, ia64
maxdb-7.5.00 | 7.5.00.34-7 | source
maxdb-dbanalyzer | 7.5.00.34-7 | amd64, i386, ia64
maxdb-dbmcli | 7.5.00.34-7 | amd64, i386, ia64
maxdb-loadercli | 7.5.00.34-7 | amd64, i386, ia64
maxdb-lserver | 7.5.00.34-7 | amd64, i386, ia64
maxdb-server | 7.5.00.34-7 | amd64, i386, ia64
maxdb-server-7.5.00 | 7.5.00.34-7 | amd64, i386, ia64
maxdb-server-dbg-7.5.00 | 7.5.00.34-7 | amd64, i386, ia64
maxdb-sqlcli | 7.5.00.34-7 | amd64, i386, ia64
maxdb-webtools | 7.5.00.34-7 | amd64, i386, ia64
python-maxdb | 7.5.00.34-7 | amd64, i386, ia64
python-maxdb-loader | 7.5.00.34-7 | amd64, i386, ia64

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 481231@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Joerg Jaspert (the ftpmaster behind the curtain)

--- End Message ---