[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

marking frontaccounting as unsupported in Wheezy


I propose to mark the frontaccounting package to be marked as
unsupported. I have already patched the git repo so this will be done in
the next upload of the debian-security-support package, unless someone
objects here. For what it's worth, the package is not used by any LTS

An unpatched CSRF vulnerability has appeared in the wheezy release
(CVE-2018-7176) and the package is already vulnerable to multiple SQL
injections vulnerabilities as well (CVE-2014-3973).

The package is not present in any later Debian suite, although there is
some work to bring it back in #884816 / #884952. I will make sure
sponsors / ITPs will be aware of those issues as well.


There is no cloud, it's just someone else's computer.
                       - Chris Watterson

Reply to: