On 2012-12-06 18:33, Joerg Jaspert wrote:
as we have found a bug in a part of our archive software that might lead to remote code execution, we have stopped processing uploads until this bug is fixed. We expect that to happen pretty soon, though Thursday ismore likely to see a fix than the rest of this Wednesday.And while the main archive got it turned back on around noon UTC,the other archives just got it back. So all back to normal, nothing tosee, go on fixing RC bugs please. :)
Thanks for securing it quickly :) Is there any danger of the vulnerable code being in use on other systems, e.g. as part of a dak install?
-- Jonathan Wiltshire jmw@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 <directhex> i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits