Mark boa unsupported ?

To: debian-lts@lists.debian.org
Subject: Mark boa unsupported ?
From: Hugo Lefeuvre <hle@debian.org>
Date: Fri, 30 Jun 2017 11:49:39 +0200
Message-id: <[🔎] 20170630094939.ijxhse3ofq5sghis@hle-laptop.local>

Hi,

I just had a look at boa, which is affected by CVE-2017-9833.

IMHO, I do not think it's worth taking time for this completely
outdated, single-tasking, potentially dangerous webserver. It hasn't
seen an update for 12+ years (last rc 2005?), doesn't support SSL,
access authentication, etc.

Does anybody know whether our sponsors have interest in boa ?

Otherwise I think we should declare it unsupported.

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Mark boa unsupported ?
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Re: Wheezy update of sudo available
Next by Date: avoid friday deployments?
Previous by thread: Re: Wheezy update of sudo available
Next by thread: Re: Mark boa unsupported ?
Index(es):
- Date
- Thread