Thomas Viehmann <tv@beamnet.de> writes:
> xml2rfc #506652
> The maintainer Florian Weimer:
> This means we shouldn't release the current xml2rfc version with
> lenny.
Removal hint added. Should a solution to this problem become available
soonish, the package should get back into lenny.
> mailscanner #506353
> The maintainer Simon Walter writes:
> In the current state the package should not be part of
> the lenny release.
> I'm in no position to fix all this. I'm not familiar enough with
> the MailScanner sourcecode and I'm not able to test the changes I
> would have to make, in particular to all the virusscanner scripts.
> upstream apparently does not seem to, let's say, consider the tempfile
> vulnerability a bug and does not seem to want to fix it.
Removal hint added. FWIW, software like mailscanner, having extensive
contact with possible attackers, should be maintained by someone who's
able to fix security issues in a timely manner. The fact that it isn't
is grounds to remove it from lenny.
> helpdeco #507021
> The maintainer Paul Wise writes:
> Based on the issues I found and fixed in upstream SVN last year with
> the zzuf input fuzzer, I don't think the current version should be
> allowed into lenny on any architecture
Remova hint added.
Thanks for your work, Thomas.
Happy holidays,
Marc
--
Fachbegriffe der Informatik - Einfach erklärt
84: Psychologe
neurolinguistischer Programmierer (Oliver Bandel)
Attachment:
pgpGDkK0SCsuF.pgp
Description: PGP signature