Bug#702548: pu: package libssh/0.4.5-3+squeeze2
Le Wed, 22 May 2013 22:17:31 +0100,
"Adam D. Barratt" <adam@adam-barratt.org.uk> a écrit :
> On Sun, 2013-04-21 at 17:10 +0200, Laurent Bigonville wrote:
> > Le Fri, 19 Apr 2013 19:38:26 +0100,
> > "Adam D. Barratt" <adam@adam-barratt.org.uk> a écrit :
> >
> > > On Fri, 2013-03-08 at 16:01 +0000, Adam D. Barratt wrote:
> > > > On Fri, 2013-03-08 at 10:09 +0100, Laurent Bigonville wrote:
> > > > > I'm planning to upload a fix for bug #698963 (CVE-2013-0176)
> > > > > in stable-proposed-updates.
> [...]
> > > Ping?
> >
> > Damm I completely forgot about that one...
> >
> > I'll try to look at that tonight.
>
> Any news on that? :)
I looked (quickly must confess) at a way of testing the fix and see if
there was a regression or not. The problem is that the patch is in the
server part of the code, and I think that actually nothing is using it
(and I'm not sure that this part of the code is usable at all).
The security issue is minor (DOS), and wheezy has been released now, so
I not sure it worth the pain of fixing this, what do you think?
Cheers
Laurent Bigonville
Reply to: