Re: [SRM] Possible upload of adtool

To: Jonathan Wiltshire <debian@jwiltshire.org.uk>
Cc: debian-release@lists.debian.org
Subject: Re: [SRM] Possible upload of adtool
From: Luk Claes <luk@debian.org>
Date: Sat, 13 Jun 2009 10:11:12 +0200
Message-id: <[🔎] 4A335F20.8010603@debian.org>
In-reply-to: <[🔎] 20090610073635.GB16985@lupin.powdarrmonkey.net>
References: <[🔎] 20090610073635.GB16985@lupin.powdarrmonkey.net>

Jonathan Wiltshire wrote:
> Dear SRMs,
> 
> (paraphrased from my mail to security team):
> 
> Versions of adtool prior to 1.3.2 are vulnerable to leaking password
> information for foreign accounts on the proc title if given as arguments
> to the program. I came across this by chance in a year-old bug on
> Launchpad [1], and the suggested patch has been integrated upstream in
> unstable with slight modification [2].
> 
> It's not serious enough to warrant a security update, but Thijs
> suggested getting it into Lenny in the upcoming point release if it's
> not too late already. The patch is trivial.
> 
> However, between the versions in stable and testing I adopted adtool, so
> my question is:
> 
>  1. would you like an upload, or is it too late?

Sure, please do.

>  2. if so, is a maintainer change acceptable in the same upload?

Yes.

>  3. as a DM only, can you accept an upload directly or will I need
>     sponsorship?

Just try, it should work AFAICS.

Cheers

Luk

Reply to:

Follow-Ups:
- Re: [SRM] Possible upload of adtool
  - From: Jonathan Wiltshire <debian@jwiltshire.org.uk>

References:
- [SRM] Possible upload of adtool
  - From: Jonathan Wiltshire <debian@jwiltshire.org.uk>

Prev by Date: Re: [SRM] Planned upload for samba, targeted at next lenny point release
Next by Date: Re: [SRM] upload of TeX packages to oldstable
Previous by thread: [SRM] Possible upload of adtool
Next by thread: Re: [SRM] Possible upload of adtool
Index(es):
- Date
- Thread