Bug#678644: Upstream request: new upload or remove from archive (security reasons)
retitle 678644 Zoph: Cross-site scripting vulnerabilities fixed in 0.8.0.3 tags 678644 + patch quit Jeroen Roos wrote: > The version currently in Debian (both stable and unstable) is > 0.8.0.1-1, which is based on my (upstream) version 0.8.0.1 (sept > 2009), after that, version 0.8.0.3 (July 2010) has been released, > which included several security (XSS) fixes. Several other releases > have been made, but no other security problems. For details please > see the changelog. > http://en.wikibooks.org/wiki/Zoph/Changelog. Thanks much! Retitling to make the needed fix more obvious. http://www.zoph.org/c/news/2010/security-releases-for-zoph/ https://github.com/jeroenrnl/zoph/commit/48f16871 Ciao, Jonathan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#678644: Upstream request: new upload or remove from archive (security reasons)
On 09-09-12 21:46, Jonathan Nieder wrote: Jeroen Roos wrote: The version currently in Debian (both stable and unstable) is 0.8.0.1-1, which is based on my (upstream) version 0.8.0.1 (sept 2009), after that, version 0.8.0.3 (July 2010) has been released, which included several security (XSS) fixes. Several other releases have been made, but no other security problems. For details please see the changelog. http://en.wikibooks.org/wiki/Zoph/Changelog. The current stable release for Zoph is 0.9, there is no current unstable release. Thanks! Do you mind if I forward this information to the bug log? Not at all. Jeroen -- Zoph Organizes PHotos http://www.zoph.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#678644: Upstream request: new upload or remove from archive (security reasons)
Hi Henrique, Henrique de Moraes Holschuh wrote: > - Forwarded message from Jeroen Roos - [...] > I am the maintainer of "Zoph", a webbased program to organize photos. > This program has been part of Debian for a long time, but it has not > been updated for a while. [...] > The current version in Debian has several issues, including a few > security-related of which some are severe. All of these are fixed in the > latest release, 0.9 which will be released today. Do you have any details on the specific bugs alluded to here? I'm wondering because without more details, it would not be feasible to fix this in squeeze. (When at all possible, packages in stable releases receive minimal fixes instead of being removed, in order to support current users.) Thanks, Jonathan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#678644: Upstream request: new upload or remove from archive (security reasons)
Package: zoph Followup-For: Bug #678644 Hi, FWIW zoph is orphaned now, feel free to adopt it: http://bugs.debian.org/679417 regards, -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#678644: Upstream request: new upload or remove from archive (security reasons)
Package: zoph Version: 0.8.0.1-1 Severity: grave Tags: security fixed-upstream - Forwarded message from Jeroen Roos - Date: Sat, 23 Jun 2012 14:16:18 +0200 From: Jeroen Roos To: d-p@l.d.o Subject: Outdated version of Zoph in Debian Hi, I am the maintainer of "Zoph", a webbased program to organize photos. This program has been part of Debian for a long time, but it has not been updated for a while. I have contacted the Debian maintainer, Edelhard Becker, about this several times, but to no avail. The current version in Debian has several issues, including a few security-related of which some are severe. All of these are fixed in the latest release, 0.9 which will be released today. Because Edelhard seems to be unwilling and/or unable to fix this, I am requesting you to either find a new maintainer or remove it from the package database. Thank you, Jeroen Roos -- Zoph Organizes PHotos http://www.zoph.org - End forwarded message - -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
