[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [pkg-lighttpd] Bug#474951: Is a fix for etch planned?



On Tue, Apr 15, 2008 at 02:40:07AM +0000, Shane McChesney wrote:
> Glad I found this thread, it explains the 239GB error log I just blew
> away and the new one growing on the server now.
> 
> On 1.4.13-4etch7, running:
> 
> apt-get update
> apt-get install lighttpd
> 
> ....says "lighttpd is already the newest version."
> 
> Is a fix for etch planned? If so, is there any timeline yet?
> 
> This has got to be affecting a lot more users than just those of us
> who tracked it here...

  Dear security team, you broke lighttpd badly with your last upload,
because you use a broken patch to fix the last CVE on it. Please update
the patch, using e.g. the one in the unstable version instead.  You've
broken lighttpd for almost 10 days, it's quite unacceptable to have a
lighttpd in _stable_ in that state.

  Dear SRM team: would an upload to s-p-u be accepted if the security
team still doesn't react ?

-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgpqn5XOuTuzf.pgp
Description: PGP signature


Reply to: