On Sat, Jan 05, 2008 at 12:45:17AM +0000, Moritz Muehlenhoff wrote: > Hi Pierre, > when investigating some newer flyspray issue I got the following > reply. I suggest removing it from stable in the next point release. > Could you please ask for it's removal on debian-release? (Or if > you have a more elegant solution, please let me know)
I've lost interest in flysrpray for those very reasons (web apps upstreams are insane), so I don't see any other solution, elegant or not. Hence I also believe flyspray should be removed from the next stable release too. > ----- Forwarded message from Cristian Rodriguez <[EMAIL PROTECTED]> ----- > > Date: Thu, 27 Dec 2007 17:08:02 -0300 > From: Cristian Rodriguez <[EMAIL PROTECTED]> > Subject: Re: flyspray FSA:2 > > On 12/27/07, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > > > (flyspray 0.9.8 is included in Debian and I'm trying to assess, > > whether it's affected.) > > > flyspray 0.9.8 is unsupported since at least 2 years, we encorauge > debian to remove this version from the repositories as soon as > possible, because it contains more undisclosed vulnerabilities, this > branch is abandoned and under no circustance we will spend time > reviwing if it is vulnerable to this issue, nor will issue fixes nor > answer any kind of questions about it due to the lack of resources and > due to the fact we didnt wrote that code :-) > > For all practical means, consider 0.9.8 vulnerable or perform the > proof of concept test in order to see if it vulnerable. > > finally, we are willing to cooperate with vendors that distribute > flyspray , but only regarding supported branches ( atm 0.9.9.x) > > Have a nice day. > > -- > I have always wished that my computer would be as easy to use as my > telephone. My wish has come true. I no longer know how to use my > telephone - Bjarne Stroustrup > > ----- End forwarded message ----- -- ·O· Pierre Habouzit ··O [EMAIL PROTECTED] OOO http://www.madism.org
pgpRwlpDSRuL7.pgp
Description: PGP signature
