Re: maxdb-7.5.00 packages in sid fix security problems

[Martin Kittel <debian@martin-kittel.de>]

Hi Steve,

this seems like a severe case of bad timing. It's not like they're 
changing their copyrights every single month of the year... :)

Anyway, I will try and sort out the relevant patches this week-end. In 
case I'm successful, I will submit the new package to 
testing-proposed-updates.

Best wishes,

Martin.

Steve Langasek wrote:
> Hi Martin,
>
> On Wed, May 04, 2005 at 06:48:42PM +0200, Martin Kittel wrote:
>
> > could you please unfreeze the maxdb-7.5.00 packages in sid to allow them 
> > to enter sarge? They fix a number of buffer overflows that were found in 
> > the MaxDB webtools (and thus are remotely exploitable).
>
>
> It would be great if you would explain to your upstream that the copyright
> on a file doesn't change in the new year unless they've actually edited it
> for something *other* than to change the copyright notice. :/
>
> In the meantime, a 178,000 line diff that consists mostly of updates to
> copyright notices is a great example of why we ask to avoid new upstream
> versions, but it's not something that's tenable for us to review.  Could you
> please extract the relevant security changes from upstream, apply them to
> 7.5.00.24, and upload to testing-proposed-updates?
>
> Thanks,