Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 96173743 by Markus Koschany at 2020-12-10T22:53:54+01:00 Remove webcit from dla-needed.txt I am following the release team. The package was removed from Debian recently. Upstream's recommendation to mitigate some of the vulnerabilities is to filter URL requests with Nginx. http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834 This can only be a workaround in my opinion. I don't think we should invest more time into fixing webcit because the package has been removed from Debian and there is no indication that it will be fixed in Buster. If you disagree, please readd the package to dla-needed.txt. - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -170,10 +170,6 @@ spip (Abhijith PA) -- tomcat8 (Utkarsh) -- -webcit (Markus Koschany) - NOTE: 20201130: Requested more information from upstream. Currently patches - NOTE: or workarounds are not available. --- wireshark NOTE: 20201007: during last triage, I marked some CVEs as no-dsa, it'd be great to include NOTE: 20201007: those fixes as well! \o/ (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9617374395f2dfd2831570e8af8fd0dfb72d4aa8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9617374395f2dfd2831570e8af8fd0dfb72d4aa8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits