[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

dcc removal?



Hi,
currently there is one medium severe security issue in the 
dcc software (CVE-2007-1047[0]) which is currently unfixed 
in all Debian distributions.

I had a private conversation[1] with the upstream author of dcc
and the result of this was that backporting this fix to the 
versions included in Debian is not possible because there 
are way too many changes between the version to
extract the relevant changes from the diff without having a 
deep knowledge of what the code does.

So we can't backport a fix and we also don't get patches by 
the upstream author.

Considering that this also does have a negative impact on 
the DCC network itself, what do you think about removing 
this package from stable?

Kind regards
Nico

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1047
[1] https://rt.debian.org/Ticket/Display.html?id=423

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpQce3yoqe8N.pgp
Description: PGP signature


Reply to: