
Re: bugsquash results

Erik Steffl <steffl@bigfoot.com> wrote:
>Jordi Mallach wrote:
>> Many people participated during the whole weekend and the result is that
>> about 130 bugs were closed, tagged "potato" or their severity was lowered as
>> they weren't RC. The numbers aren't accurate, but you can get an idea of
>> what packages were affected if you look at our status file, at
>> http://people.debian.org/~jordi/STATUS, where we tried to note whatever
>----------- darxite - to be removed (security)
>  I have sent a patch for the security problem mentioned in bug report
>and also another similar security issue (buffer overflow). There might
>be other similar ones there...

I looked at darxite during the bugsquashing party and tried to fix the
specific problems mentioned, but when looking through the code I decided
that there were certainly other similar problems there, and I didn't
feel like fixing several dozen potential buffer overflows. The general
coding style reminded me of trn's, which is more or less tolerable in an
application but frightening in something purporting to be a server.

If you can fix all the unsafe string handling in darxite, though, I
applaud you and wouldn't object to the package being kept ...

Colin Watson                                     [cjw44@flatline.org.uk]
