Bug#884816: RFS: frontaccounting/2.4.3-1 [ITA]

To: Janusz Dobrowolski <janusz@frontaccounting.eu>, 884816@bugs.debian.org
Subject: Bug#884816: RFS: frontaccounting/2.4.3-1 [ITA]
From: Antoine Beaupre <anarcat@orangeseeds.org>
Date: Fri, 16 Feb 2018 11:22:34 -0500
Message-id: <[🔎] 20180216162234.xlp7yihklhbm7vs5@curie.anarc.at>
Reply-to: Antoine Beaupre <anarcat@orangeseeds.org>, 884816@bugs.debian.org
In-reply-to: <23b6e4e9-eebf-5eea-8dc4-3b18a44a86e8@frontaccounting.eu>
References: <23b6e4e9-eebf-5eea-8dc4-3b18a44a86e8@frontaccounting.eu> <23b6e4e9-eebf-5eea-8dc4-3b18a44a86e8@frontaccounting.eu>

Hi,

I haven't reveiewed the package in details, but before this is accepted
into Debian, care should be taken to review the existing security
vulnerabilities that affect this package.

For example, CVE-2018-7176 (bug #890604) currently affects the package
you are proposing to upload (2.4.3). It the package is uploaded as such,
you should clarify what the way forward is to fix that package. Either
it will be fixed in a subsequent release, or the package will have to be
marked as unsupported in Debian.

https://security-tracker.debian.org/tracker/CVE-2018-7176

Thank you for your attention.

A.

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#884816: RFS: frontaccounting/2.4.3-1 [ITA]
  - From: Janusz Dobrowolski <janusz@frontaccounting.eu>
- Bug#884816: Bug#890604: Can't reproduce vulnerability on latest packaged FA version
  - From: Janusz Dobrowolski <janusz@frontaccounting.eu>

Prev by Date: Bug#890580: RFS: gnustep-base/1.25.1-2
Next by Date: Bug#890648: RFS: fcitx-imlist/0.5.1-2
Previous by thread: Bug#890580: marked as done (RFS: gnustep-base/1.25.1-2)
Next by thread: Bug#884816: RFS: frontaccounting/2.4.3-1 [ITA]
Index(es):
- Date
- Thread