El viernes, 1 de mayo 2009, Moritz Muehlenhoff escribió: > Package: memcached > Severity: important > Tags: security > > Please see this link for more information: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1494
Hello, Moritz. The binary version in stable shouldn't be vulnerable, as the advisory clearly specifies that the problem happens with multithreading enabled. For the unstable distribution, I'm just testing new packages. Anyway, the affected code is there for anybody who wants to rebuild the package with multithreading. What should I do, release a new package with that funtionality removed? I can supply the full diff for releasing 1.2.2-1.lenny1 if you want, but I'd like to know the Security Team official statement in this case. Best regards, Ender. -- Buzz Lightyear: You killed my father! Emperor Zurg: No, Buzz...I am your father. -- Toy Story 2. -- Responsable de sistemas tuenti.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org