
Re: Please allow TorrentFlux into Etch



Cameron Dale <camrdale@gmail.com> writes:
> A new version of the TorrentFlux package has been uploaded and it is now
> RC-free. As TorrentFlux was removed from testing on Dec. 1st, I am now
> requesting it be re-added. The new version (2.1-7) only fixes the
> security-related issues found in the previous version; no other changes have
> been made.
> For details of the changes made in that version, please see this bug report:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400582

Sorry, but the enormous number of fixes included there makes me doubt that
all security holes have been found.

If upstream isn't able to get things like
'shell_exec("bla \"".$torrent."\"");' right the first time, chances are
good that dozens of other holes are still not found. Unless you provide
some sort of evidence of a complete security audit, I will not approve
this package.

Marc
-- 
BOFH #448:
vi needs to be upgraded to vii
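
The shell_exec pattern quoted in the message above, shown beside two hardened forms, as an added example that is not part of the original thread or of TorrentFlux's code. `printf` stands in for the elided "bla" command, the sample values are constructed, and a POSIX shell with PHP 7.4 or later is assumed.

```php
<?php
// Added illustration. 'printf' stands in for the elided "bla" command.

// Pattern from the message: the value is wrapped in hand-written double
// quotes. A '"' in the value ends the quoting early, and the shell still
// expands $(...) and backticks inside double quotes.
function build_naive(string $torrent): string
{
    return "printf '%s\\n' \"" . $torrent . "\"";
}

// escapeshellarg() single-quotes the value and escapes embedded single
// quotes, so the shell receives exactly one literal argument.
function build_escaped(string $torrent): string
{
    return "printf '%s\\n' " . escapeshellarg($torrent);
}

// PHP >= 7.4: the array form of proc_open() starts the program directly,
// with no shell involved to interpret the value.
function run_without_shell(string $torrent): string
{
    $proc = proc_open(['printf', '%s\n', $torrent], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Constructed sample values for the torrent name.
$samples = [
    'debian.torrent',
    'a"; echo INJECTED; echo "',
    '$(echo INJECTED)',
];

foreach ($samples as $s) {
    echo 'input:    ', $s, "\n";
    echo 'naive:    ', json_encode(shell_exec(build_naive($s))), "\n";
    echo 'escaped:  ', json_encode(shell_exec(build_escaped($s))), "\n";
    echo 'no shell: ', json_encode(run_without_shell($s)), "\n\n";
}
```

For the first value all three forms print the same line; for the other two, only the naive form prints INJECTED, while the escaped and shell-free forms print the value unchanged.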
