Your message dated Sun, 29 Jun 2008 23:46:20 +0200
with message-id <[EMAIL PROTECTED]>
and subject line All issues do not apply to version in Debian
has caused the Debian Bug report #485502,
regarding slash: Two Data Sanitization Security Issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
485502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485502
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: slash
Severity: critical
Version: 2.2.6-8
Just came in over slashcode-general:
http://sourceforge.net/mailarchive/forum.php?thread_name=0908616B-1316-426C-95EA-CA0665730492%40slashdot.org&forum_name=slashcode-general
Will prepare an update for at least Etch which will fix this _and_ the
two earlier issues discussed in #484499 and RT#485.
Regards, Axel
--
Axel Beckert - [EMAIL PROTECTED] - http://noone.org/abe/
--- End Message ---
--- Begin Message ---
Although the announcement said "all 2.x" sites should apply these
fixes, none of the patched code pieces or similar (and vulnerable)
code fragments are present in the stable 2.2.6 release and therefore
the Debian version should not be vulnerable to these issues.
A look at when the code has been introduced compared with the last
modified dates in the .orig.tar.gz confirmed this as well as some
comments on the bug being introcuded with code refactoring while
Debian's version of slash has clearly the not yet refactored version.
Regards, Axel
--
Axel Beckert - [EMAIL PROTECTED], [EMAIL PROTECTED] - http://noone.org/abe/
--- End Message ---
