hello
what a pity when it gets removed. there was a very simple patch to
fix the problem: see http://bugs.debian.org/400718
the package nor the software is too shabby to be supported.
upstream was very fast fixing the issue, after they knew about it.
did the debian security team contact links authors about this issue?
upstream changelog
Tue Nov 28 23:13:38 MET 2006 mikulas:
Fixed severe security bug: '"' and ';' in smb:// url could be used for
remote command execution.
debian changelog
links2 (2.1pre26-1) unstable; urgency=low
* New upstream version. Reenable smb:// support,
it got properly fixed by upstream.
-- Gürkan Sengün <[EMAIL PROTECTED]> Thu, 30 Nov 2006 09:47:56 +0100
links2 (2.1pre25-2) unstable; urgency=high
* Disable smb:// support, fixes CVE-2006-5925.
-- Gürkan Sengün <[EMAIL PROTECTED]> Wed, 29 Nov 2006 09:58:31 +0100
martin, any reason you don't want links (version 0.x/1.x) not removed? because
security team was able to fix this one. sad that stable users don't get a chance
to try this wide variety of software because of this.
i hope it doesn't get removed..
yours,
gürkan
