* Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-10-06 12:05:21 CEST]:
> On Mon, October 6, 2008 11:12, Gerfried Fuchs wrote:
> > Copy to debian-release because this question is rather a question to
> > the release team, even though it's extremely late and hope is pretty low
> > ...
> >
> > * Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-03-19 20:15:43 CET]:
> >> You would not interfere with any work from our (security team) point of
> >> view. Moodle does not use the code of this specific vulnerability so no
> >> patch is needed.
> >
> > Thijs, do I perceive it correctly that you just forgot to lower the
> > severity of this bugreport?
> 
> I'm not sure where you see that the severity is unjustified? As far as I
> know it still contains and uses an embedded code copy which is present as
> a separate package in the archive. I think that is a serious issue and
> don't see why it should go unresolved.

 You said yourself that the code of this vulnerability isn't used so I
don't understand how you can call this one justified. Yes, it contains
an embedded code copy, but it's not the only package that does and not
all get ripped off, and it's not like it's a hidden and unknown copy.

 Said that, on the other hand I regret to have sent this mail/request,
haven't thought about past security-wise history of moodle and that the
package is lagging behind quite some bugfix releases - so I'm absolutely
fine with keeping it out until someone really up to the job keeps track
of this mess, and:

> There are many more open security issues in stable:
> http://security-tracker.debian.net/tracker/source-package/moodle

 ... and able to help to extract the relevant bits to ease the security
team's work. <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494642>
is there about this, and hopefully it will work out this time. If the
team performs well I'm probably willing to provide backports ...

> Security issues are frequent in this package so it needs an active
> maintainer to keep up with it, which it currently hasn't got.

 Right, and sorry for having acted blindfolded. It's often a thin line
between usefulness and painfulness and I forgot about the other part
here ...

 I take back my request, sorry for the fuss.
Rhonda


