Package: release.debian.org
Severity: important

Dear Stable Release Managers,

as discussed on debian-release [1] and acked by Security Team [2], please remove source package "maxdb-7.5.00" and related packages (listed below) from Etch. Maxdb has a serious security bug [3,4] which is basically unfixable according to the erstwhile maintainer [5], and has already been removed from Sid [5]. No support from upstream is expected as they took the package closed-source.

[1] http://lists.debian.org/debian-release/2008/05/msg00136.html
[2] http://lists.debian.org/debian-release/2008/05/msg00234.html
[3] http://bugs.debian.org/461444
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0244
[5] http://bugs.debian.org/461456

The following source packages have dependencies on maxdb and should also be removed from Etch (as has already occurred in Sid). (Numbers in parentheses are the bug number for the removal request from Sid.)

  libdbd-maxdb-perl (#461479)
  php-maxdb (#461480)

The following source packages have no reason to be shipped in Etch once maxdb is removed, so they should also probably be removed:

  maxdb-doc (#461481)
  maxdb-buildtools (#461482)
  libsapdbc-java (#461483)

Thanks and best regards,

-- 
Kevin B. McCarty <kmccarty@gmail.com>
WWW: http://www.starplot.org/
WWW: http://people.debian.org/~kmccarty/
GPG: public key ID 4F83C751