
Re: Bug#466539: gnome-peercast: CVE-2007-6454 heap-based buffer overflow possibly leading to code execution



On Tuesday 19 February 2008 13:57, Romain Beauxis wrote:
> Package: gnome-peercast
> Version: 0.5.4-1.1
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
>         Hi !
>
> CVE-2007-6454 has been fixed for peercast, but since this package
> includes a static version of the code, the vulnerability still applies
> there.
>
> As a side note, I've already done a lot of things to try to fix this,
> but upstream seems not to care at all, and didn't maintain this package
> for 1 year (last upload was my NMU)...

So am I right to conclude that we'd better remove this package rather than to 
try and fix it?


Thijs
