
(How) do we roll-back lprng?



OK, we've had upstream report that no one should use lprng 3.8.0 because
it has a security bug in it but there is no more information.  This
message went out 16 November and still no more details (except it is
setuid related) and no fix in sight yet.  He said that a new release
will be ASAP.

It's now the 25th November.  I'm not comfortable having in our archives
a package whose version the upstream has said has a security hole.  So
I'm asking the Debian security people, what should be done?

If the consensus is that we should roll back to 3.7.4-5 then that's ok
with me.  3.8.0 had some good but not essential fixes in it (for most
people anyway).  I just don't know how to do it.

  - Craig
-- 
Craig Small VK2XLZ  GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.eye-net.com.au/        <csmall@eye-net.com.au>
MIEEE <csmall@ieee.org>                 Debian developer <csmall@debian.org>


