On Thu, Oct 22, 2009 at 11:34:32PM +0200, Moritz Muehlenhoff wrote: > But please proceed with the removal from unstable by filing a removal bug > against ftp.debian.org. Amaya has been removed and the other users have > been fixed.
I've filed for removal: #552033 > Since CVE-2009-2625 doesn't allow code injection, but only DoS and given > that libwww in oldstable is only used by wmweather, I think we can ignore > it, unless Nico wants to work on an update? Well, I've already prepared new versions of the packages, although they are completely untested ATM, except that I had a look at them with debdiff/interdiff: <http://atterer.net/libwww/> Are you interested in using these? Cheers, Richard sha384sum: 518b5f248997eb31f3c0bc5e876b50fe2265d693c6686f2caec2c86d01f67a5b3d57459447fd73201df49048078bfd8b libwww0_5.4.0-11+etch1_amd64.deb 417eb401b507c1901941659a437b304d8bbc40da60c6bba2916842a109ab0b15c1fa95b3da5da9a3eec44135e06b96bc libwww-dev_5.4.0-11+etch1_amd64.deb 2064a45e8123d9eab51d7f20f9ec419fa692b8c87c95dd13f654c310ffa1068c6c0e03ff9910add9e32950efce10f25d libwww-ssl0_5.4.0-11+etch1_amd64.deb cf79bae0eb283237b50518b95e1c8755464036eaf3162557f7022f62cdab405ae47518623a03cbf5e2222918fba54c2d libwww-ssl-dev_5.4.0-11+etch1_amd64.deb ced1bb2f057754679d1447414882ef724a903745bc6d6b5d3b21de35ea30d13a70970974f44ad205c89caed41f5116b0 w3c-libwww_5.4.0-11+etch1_amd64.changes 0a720f95e35051033a469a05a20088c8c5ad109b41fea5e6e8a372c3d40881289160f90d1cbc68e1eda436b26f2cb3c1 w3c-libwww_5.4.0-11+etch1.diff.gz 06f0d46eef90ef111e8c9ba1269e62c64aa04df01c6be153b78c03f2cf7fd2407f9cef12488be98c27a7ea6132df1c0f w3c-libwww_5.4.0-11+etch1.dsc 0ea73901b7da23d403b43910f97e7ed7dff11d539811244136c5102dde67bee5aea10b2f5dd1ab16f898da8a65d65352 w3c-libwww_5.4.0.orig.tar.gz -- __ , | ) /| Richard Atterer | GnuPG key: 888354F7 | \/ | http://atterer.net | 08A9 7B7D 3D13 3EF2 3D25 D157 79E6 F6DC 8883 54F7
signature.asc
Description: Digital signature
