Andreas Barth wrote: > - If your package has been removed recently (i.e. in the last 20 days) > due to an RC bug, and you have an bugfix-only update uploaded, > you can contact the release team about letting your package back in. > Same as above: Do not expect us to find it out ourself. You need to > push that. A new version of the TorrentFlux package has been uploaded and it is now RC-free. As TorrentFlux was removed from testing on Dec. 1st, I am now requesting it be re-added. The new version (2.1-7) only fixes the security related issues found in the previous version, no other changes have been made. For details of the changes made in that version, please see this bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400582 Here's the changelog: > torrentflux (2.1-7) unstable; urgency=high > > * Add more security fixes (Closes: #400582) > - some missed previously (11_missed_security_fixes.dpatch) > - remote command execution in metaInfo.php, issue > CVE-2006-6331 (12_metaInfo_remote_command.dpatch) > - possible XSS vulnerability due to urldecode > (13_possible_xss_vulnerability.dpatch) > - remote command execution in maketorrent.php, > (14_maketorrent_remote_command.dpatch) > - more possible fixes just to be safe > (15_additional_possible_fixes.dpatch) > > -- Cameron Dale <camrdale@gmail.com> Sat, 16 Dec 2006 22:30:44 -0800 All the changes are in the 4 dpatch files mentioned in the changelog. Thanks, Cameron
Attachment:
signature.asc
Description: OpenPGP digital signature