Daniel Leidert wrote: > Why isn't anybody of the official maintainers reacting or commenting on > this bug? There are 3(!) completely undocumented downgrades of a bug, # holes depending on terminal exploits have not been treated as RC I suspect that the above downgrade message from vorlon is the one that you missed seeing. He's probably referring to various other terminal exploits, such as escape character issues with eterm. This seems like a significantly different class of problem than those, though, IMHO. OTOH, not all security holes are grave and the circumstances needed to exploit this one seem sufficiently rare to not consider it grave. On the third hand, this bug has documented a security hole with exploit in apache for about 2 weeks without any reaction from its maintainers, and was open for many months before that without any reaction from them. If apache isn't being maintained, it might be better to drop it from etch anyway. -- see shy jo
Attachment:
signature.asc
Description: Digital signature