El viernes, 1 de mayo 2009, Moritz Muehlenhoff escribió:
> Package: memcached
> Severity: important
> Tags: security
>
> Please see this link for more information:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1494
Hello, Moritz. The binary version in stable shouldn't be vulnerable,
as the
advisory clearly specifies that the problem happens with multithreading
enabled.
For the unstable distribution, I'm just testing new packages.
Anyway, the affected code is there for anybody who wants to rebuild the
package with multithreading. What should I do, release a new package with
that funtionality removed? I can supply the full diff for releasing
1.2.2-1.lenny1 if you want, but I'd like to know the Security Team official
statement in this case.
Best regards,
Ender.
--
Buzz Lightyear: You killed my father!
Emperor Zurg: No, Buzz...I am your father.
-- Toy Story 2.
--
Responsable de sistemas
tuenti.com
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
