Hi Charles

On Thu, 15 Oct 2009 01:50:35 pm Charles Plessy wrote:
> On Thu, Oct 15, 2009 at 01:26:14PM +1100, Steffen Joeris wrote:
> > In the near future, I will try to do the archive scan again and file bugs
> > with severity "normal" for the packages below that are still relying on
> > the deprecated functions. (Should they be found vulnerable, the severity
> > will be raised of course).
>
> Dear Steffen,
>
> shouldn’t the upstream maintainer(s) be warned before the security issue is
> advertised in public?

Before I sent the list, I checked some of the major packages together with the maintainers, so there was some work that happened in the background before publication. Also, I don't expect many of the packages below to be vulnerable, because not every application allows the setting of the client encoding. Also, I've released a few DSAs to update common bindings in different languages that only offered the deprecated functions. At this stage, it is better to publish this list and ask the maintainers for help, because we don't have the manpower to check them all individually and test them.

Cheers
Steffen