Florian Weimer wrote: > ... >>If we're going to have another crack at it, then, what track should we >>take? Reopen the bug as Florian suggested, > ... >>email the security team, just keep pestering Joey? > > > IMHO, the first step would be to convince the shorewall maintainer > that a security update for stable needed. [*] Then someone needs to > prepare an update (preferably the maintainer or someone else who is > familiar with the software). This is slightly complicated by the > unfortunate fact that the patch in the errate of 2.2.5 does not apply > cleanly to the 2.2.3 version. The maintainer is not the problem. Lorenzo has prepared 2.2.3-2 for sarge [1] and has tested the before and after situations and found that the bug is fixed. The problem is no response from Martin Schulze. [1] http://idea.sec.dico.unimi.it/~lorenzo/tmp/ -- Paul <http://paulgear.webhop.net> -- Did you know? Using accepted quoting conventions makes your email easier to understand. Learn how at <http://www.netmeister.org/news/learn2quote.html>.
Attachment:
signature.asc
Description: OpenPGP digital signature