Package: links2
Version: 2.1pre16-1
Severity: serious
Tags: security
Justification: seems too buggy to be supported by the security team

Hi,

on December 21st, DSA 1240 was released by a member of the security team. It was issued to fix 'arbitrary shell command execution'.

Within a week the stable release team informed the security team that the DSA was not released with all architectures. The security team was reminded about this issue by me several times, please see

Message-ID: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>

Even our DPL and FTP-Master aj became active on that and offered the build logs to become available to all security team members (embargoed and non-embargoed team).

Also the security team got reminded about that issue several times on IRC in #debian-security.

This issue has now stood for 3.5 months without reaction from the security team. Therefore I conclude that the security team is
a) either unwilling to support links2 in stable or
b) this package is too buggy to be supported.

I therefore propose also to remove this package from stable with the next point release (to happen on Thursday or Friday this week) and advise the rest of the release team to do the same for Etch.

Greetings
Martin

System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (1003, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages links2 depends on:
ii  libc6               2.3.6.ds1-13     GNU C Library: Shared libraries
ii  libdirectfb-0.9-25  0.9.25.1-5       direct frame buffer graphics - sha
ii  libgpmg1            1.19.6-25        General Purpose Mouse - shared lib
ii  libjpeg62           6b-13            The Independent JPEG Group's JPEG
ii  libpng12-0          1.2.15~beta5-1   PNG library - runtime
ii  libssl0.9.8         0.9.8c-4         SSL shared libraries
ii  libsvga1            1:1.4.3-24       console SVGA display libraries
ii  libtiff4            3.8.2-7          Tag Image File Format (TIFF) libra
ii  libx11-6            2:1.0.3-6        X11 client-side library
ii  zlib1g              1:1.2.3-13       compression library - runtime

links2 recommends no packages.

-- no debconf information