marking frontaccounting as unsupported in Wheezy
Hi,
I propose to mark the frontaccounting package to be marked as
unsupported. I have already patched the git repo so this will be done in
the next upload of the debian-security-support package, unless someone
objects here. For what it's worth, the package is not used by any LTS
sponsor.
An unpatched CSRF vulnerability has appeared in the wheezy release
(CVE-2018-7176) and the package is already vulnerable to multiple SQL
injections vulnerabilities as well (CVE-2014-3973).
The package is not present in any later Debian suite, although there is
some work to bring it back in #884816 / #884952. I will make sure
sponsors / ITPs will be aware of those issues as well.
A.
--
There is no cloud, it's just someone else's computer.
- Chris Watterson
Reply to: