[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: maxdb-7.5.00 packages in sid fix security problems



Hi Steve,

this seems like a severe case of bad timing. It's not like they're changing their copyrights every single month of the year... :)

Anyway, I will try and sort out the relevant patches this week-end. In case I'm successful, I will submit the new package to testing-proposed-updates.

Best wishes,

Martin.

Steve Langasek wrote:
Hi Martin,

On Wed, May 04, 2005 at 06:48:42PM +0200, Martin Kittel wrote:

could you please unfreeze the maxdb-7.5.00 packages in sid to allow them to enter sarge? They fix a number of buffer overflows that were found in the MaxDB webtools (and thus are remotely exploitable).


It would be great if you would explain to your upstream that the copyright
on a file doesn't change in the new year unless they've actually edited it
for something *other* than to change the copyright notice. :/

In the meantime, a 178,000 line diff that consists mostly of updates to
copyright notices is a great example of why we ask to avoid new upstream
versions, but it's not something that's tenable for us to review.  Could you
please extract the relevant security changes from upstream, apply them to
7.5.00.24, and upload to testing-proposed-updates?

Thanks,



Reply to: