marking frontaccounting as unsupported in Wheezy

To: debian-lts@lists.debian.org
Subject: marking frontaccounting as unsupported in Wheezy
From: Antoine Beaupré <anarcat@orangeseeds.org>
Date: Fri, 16 Feb 2018 11:07:36 -0500
Message-id: <[🔎] 87sha0j4tz.fsf@curie.anarc.at>

Hi,

I propose to mark the frontaccounting package to be marked as
unsupported. I have already patched the git repo so this will be done in
the next upload of the debian-security-support package, unless someone
objects here. For what it's worth, the package is not used by any LTS
sponsor.

An unpatched CSRF vulnerability has appeared in the wheezy release
(CVE-2018-7176) and the package is already vulnerable to multiple SQL
injections vulnerabilities as well (CVE-2014-3973).

The package is not present in any later Debian suite, although there is
some work to bring it back in #884816 / #884952. I will make sure
sponsors / ITPs will be aware of those issues as well.

A.

-- 
There is no cloud, it's just someone else's computer.
                       - Chris Watterson

Reply to:

Prev by Date: Re: forgot frontdesk - apologies and solutions?
Next by Date: Re: upload leptonlib
Previous by thread: Re: forgot frontdesk - apologies and solutions?
Next by thread: Wheezy update of golang?
Index(es):
- Date
- Thread