Re: [SRM] Possible upload of adtool
Jonathan Wiltshire wrote:
> Dear SRMs,
>
> (paraphrased from my mail to security team):
>
> Versions of adtool prior to 1.3.2 are vulnerable to leaking password
> information for foreign accounts on the proc title if given as arguments
> to the program. I came across this by chance in a year-old bug on
> Launchpad [1], and the suggested patch has been integrated upstream in
> unstable with slight modification [2].
>
> It's not serious enough to warrant a security update, but Thijs
> suggested getting it into Lenny in the upcoming point release if it's
> not too late already. The patch is trivial.
>
> However, between the versions in stable and testing I adopted adtool, so
> my question is:
>
> 1. would you like an upload, or is it too late?
Sure, please do.
> 2. if so, is a maintainer change acceptable in the same upload?
Yes.
> 3. as a DM only, can you accept an upload directly or will I need
> sponsorship?
Just try, it should work AFAICS.
Cheers
Luk
Reply to: