Re: please unblock libphp-snoopy/1.2.4-1
Evgeni Golov wrote:
> On Sun, 2 Nov 2008 14:23:39 +0100 Christian Perrier wrote:
>
>> While looking around for RC bugs, I noticed several of these against
>> packages that provide this Snoopy stuff on their own (mediamate,
>> opendb, etc.).
>
> From a quick view at bts.turmzimmer, you mean:
> ampache 504169
> gforge-plugin-scmcvs 504258
> mahara 504170
> mediamate 504172
> opendb 504173
> pixelpost 504171
> Did I miss any?
You should better refer to
http://security-tracker.debian.net/tracker/CVE-2008-4796
If you find any package missing on that list please contact the security team so
it is updated.
Christian Perrier wrote:
> I looked at them and, most of the time, the fix is to depend on
> libphp-snoopy and avoid providing a private (and outdated) copy of
> Snoopy.
That's right, but there are a couple of them which are also vulnerable on etch,
and libphp-snoopy is not available there.
>
>> However, I have no PHP skills at all to be able to fix this
>> myself. If you have such skills, it would be good to fix these packages....
>
> Some of the above are already fixed in Sid, I'll have a look at the
> others later (or tomorrow, depends on my time).
I will also have to try a go on them tomorrow, but I've been rather busy dealing
with some vulns.
>
> Regards
> Evgeni
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net