Cameron Dale <camrdale@gmail.com> writes:
A new version of the TorrentFlux package has been uploaded and it is now
RC-free. As TorrentFlux was removed from testing on Dec. 1st, I am now
requesting it be re-added. The new version (2.1-7) only fixes the security
related issues found in the previous version, no other changes have been made.
For details of the changes made in that version, please see this bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400582
Sorry, but the enormous number of fixes included there make me doubt that
all security holes have been found.
If upstream isn't able to get things like 'shell_exec("bla
\"".$torrent."\"");' right the first time, chances are good that dozens
of other holes are still not found. Unless you provide some sort of
evidence of a complete security audit, I will not approve this package.