
Re: dcc removal?



Hi Moritz,
* Moritz Muehlenhoff <jmm@inutil.org> [2008-01-18 10:08]:
> Nico Golde wrote:
> > currently there is one medium severe security issue in the
> > dcc software (CVE-2007-1047[0]) which is currently unfixed
> > in all Debian distributions.
> >
> > I had a private conversation[1] with the upstream author of dcc
> > and the result of this was that backporting this fix to the
> > versions included in Debian is not possible because there
> > are way too many changes between the versions to
> > extract the relevant changes from the diff without having a
> > deep knowledge of what the code does.
> >
> > So we can't backport a fix and we also don't get patches by
> > the upstream author.
> >
> > Considering that this also does have a negative impact on
> > the DCC network itself, what do you think about removing
> > this package from stable?
> 
> It's my understanding from the conversation with upstream that the open
> security issue is unrelated to the fact that the outdated version
> of DCC in Etch causes problems inside the DCC network.

Yes, that's true.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
