Re: gpdf: remove? security hole open for this long?

To: Martin Michlmayr <tbm@cyrius.com>
Cc: Junichi Uekawa <dancer@netfort.gr.jp>, 334454@bugs.debian.org, control@bugs.debian.org, debian-qa@lists.debian.org
Subject: Re: gpdf: remove? security hole open for this long?
From: Junichi Uekawa <dancer@netfort.gr.jp>
Date: Sat, 22 Jul 2006 21:34:01 +0900
Message-id: <[🔎] 878xmlizt2.dancerj%dancer@netfort.gr.jp>
In-reply-to: <[🔎] 20060721230430.GZ16475@deprecation.cyrius.com>
References: <[🔎] 878xmndnd1.dancerj%dancer@netfort.gr.jp> <[🔎] 20060721230430.GZ16475@deprecation.cyrius.com>

severity 334454 serious 
thanks

To me, that patch as specified in 322467 is not applied, so from a
casual reading, it looks like the security hole is open.

At Sat, 22 Jul 2006 01:04:31 +0200,


Martin Michlmayr wrote:
> 
> * Junichi Uekawa <dancer@netfort.gr.jp> [2006-07-21 23:49]:
> > I think having a security hole for more than a year is a reason to remove
> > gpdf. 
> > 
> > evince seems to be a replacement, gpdf is deprecated.
> 
> It should imho get orphaned first.  BCCing the MIA people - what's up
> there anyway?  Hasn't mechanix been inactive for ages?
> 
> Oh, gpdf was uploaded in March.  And it mentions some security fixes.
> Can someone check if those address #334454?


regards,
	junichi
-- 
dancer@{debian.org,netfort.gr.jp}   Debian Project

Reply to:

References:
- gpdf: remove? security hole open for this long?
  - From: Junichi Uekawa <dancer@netfort.gr.jp>
- Re: gpdf: remove? security hole open for this long?
  - From: Martin Michlmayr <tbm@cyrius.com>

Prev by Date: Re: gpdf: remove? security hole open for this long?
Next by Date: Pavel Wiecek appears to be MIA
Previous by thread: Re: gpdf: remove? security hole open for this long?
Next by thread: Pavel Wiecek appears to be MIA
Index(es):
- Date
- Thread