
Re: [judas.iscariote@flyspray.org: Re: flyspray FSA:2]

On Sat, Jan 05, 2008 at 12:45:17AM +0000, Moritz Muehlenhoff wrote:
> Hi Pierre,
> when investigating some newer flyspray issue I got the following
> reply. I suggest removing it from stable in the next point release.
> Could you please ask for its removal on debian-release? (Or if
> you have a more elegant solution, please let me know)

  I've lost interest in flyspray for those very reasons (web apps
upstreams are insane), so I don't see any other solution, elegant or
not. Hence I also believe flyspray should be removed from the next
stable release too.

> ----- Forwarded message from Cristian Rodriguez <judas.iscariote@flyspray.org> -----
> Date: Thu, 27 Dec 2007 17:08:02 -0300
> From: Cristian Rodriguez <judas.iscariote@flyspray.org>
> Subject: Re: flyspray FSA:2
> On 12/27/07, Moritz Muehlenhoff <jmm@debian.org> wrote:
> > (flyspray 0.9.8 is included in Debian and I'm trying to assess,
> > whether it's affected.)
> flyspray 0.9.8 has been unsupported for at least 2 years, we encourage
> debian to remove this version from the repositories as soon as
> possible, because it contains more undisclosed vulnerabilities, this
> branch is abandoned and under no circumstance will we spend time
> reviewing if it is vulnerable to this issue, nor will we issue fixes nor
> answer any kind of questions about it due to the lack of resources and
> due to the fact we didn't write that code :-)
> For all practical means, consider 0.9.8 vulnerable or perform the
> proof of concept test in order to see if it is vulnerable.
> Finally, we are willing to cooperate with vendors that distribute
> flyspray, but only regarding supported branches (atm 0.9.9.x)
> Have a nice day.
> -- 
> I have always wished that my computer would be as easy to use as my
> telephone. My wish has come true. I no longer know how to use my
> telephone - Bjarne Stroustrup
> ----- End forwarded message -----

·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org
