
Bug#481231: RM: maxdb-7.5.00/stable -- ROST; Unfixable security bug, upstream went non-free



Package: release.debian.org
Severity: important

Dear Stable Release Managers,

as discussed on debian-release [1] and acked by Security Team [2],
please remove source package "maxdb-7.5.00" and related packages (listed
below) from Etch.  Maxdb has a serious security bug [3,4] which is
basically unfixable according to the erstwhile maintainer [5], and has
already been removed from Sid [5].  No support from upstream is expected
as they took the package closed-source.

[1] http://lists.debian.org/debian-release/2008/05/msg00136.html
[2] http://lists.debian.org/debian-release/2008/05/msg00234.html
[3] http://bugs.debian.org/461444
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0244
[5] http://bugs.debian.org/461456

The following source packages have dependencies on maxdb and should also
be removed from Etch (as has already occurred in Sid).  (Numbers in
parentheses are the bug number for the removal request from Sid.)

libdbd-maxdb-perl (#461479)
php-maxdb (#461480)

The following source packages have no reason to be shipped in Etch once
maxdb is removed, so they should also probably be removed:

maxdb-doc (#461481)
maxdb-buildtools (#461482)
libsapdbc-java (#461483)

Thanks and best regards,

-- 
Kevin B. McCarty <kmccarty@gmail.com>
WWW: http://www.starplot.org/
WWW: http://people.debian.org/~kmccarty/
GPG: public key ID 4F83C751
