Bug#466489: linneighborhood: should this package be orphaned?
Please orphan. Or remove from the archive. As far as I know it's been dropped upstream for several years and there are better alternatives. On Feb 18, 2008, at 8:30 PM, Barry deFreese wrote: Package: linneighborhood Version: 0.6.5-4 Severity: serious User: [EMAIL PROTECTED] Usertags: proposed-orphan Dear Maintainer, While reviewing some packages, your package came up as a package that should maybe be orphaned by its maintainer, because: * Maintainer seems inactive. Last upload was 2006. * Important bug with patch over 3 years old. * Package is severely out of date. If you think that it should be removed from Debian instead of being orphaned, please reply to this bug and tell so. If you disagree and want to continue to maintain this package, please close this bug and do an upload also fixing the other issues. Also, you can study the possibility of taking co-maintainers. If you agree that it should be orphaned, send the following commands to [EMAIL PROTECTED] (replace nn with this bug's number): severity nn normal reassign nn wnpp retitle nn O: -- thanks If you think it should be removed, send the following commands instead: severity nn normal reassign nn ftp.debian.org retitle nn RM: -- RoM; thanks For more information, see http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-archive-manip http://www.debian.org/devel/wnpp/ Thank you, Barry deFreese -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#466487: libauthen-smb-perl: should this package be orphaned or removed?
It's all yours. Thanks much. On Feb 21, 2008, at 4:16 AM, Xavier Oswald wrote: Hi, I will take it. Im maintaining libauthen-simple-smb-perl which depends on libauthen- smb-perl. Thanks, -- ,''`. Xavier Oswald <[EMAIL PROTECTED]> : :' : GNU/LINUX Debian Maintainer `. `' GnuPG Key ID 0x88BBB51E `-938D D715 6915 8860 9679 4A0C A430 C6AA 88BB B51E -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#466487: libauthen-smb-perl: should this package be orphaned or removed?
Hi there, Original maintainer piping in. I definitely don't have the interest or time to maintain this package. Please mark it orphaned, or remove it from the archive. I suspect it's been quite a long time since anyone found it useful. Will Lowe [EMAIL PROTECTED] On Feb 19, 2008, at 7:43 AM, Gunnar Wolf wrote: Barry deFreese dijo [Mon, Feb 18, 2008 at 11:14:59PM -0500]: Package: libauthen-smb-perl Version: 0.91-3 Severity: serious User: [EMAIL PROTECTED] Usertags: proposed-orphan Dear Maintainer, While reviewing some packages, your package came up as a package that should maybe be orphaned by its maintainer, because: * Maintainer seems inactive. Last upload was 2004. * RC bug older than 60 days. * I am unable to find an upstream source. I have searched CPAN and with google. * Package is severely out of date. * Popcon of 82. Hi, I'm cc:ing this message to the pkg-perl group - we might end up adopting/hijacking the package ;-) You can get the newest upstream version of the package at CPAN ([1, 2]). The package _is_ at the newest upstream revision. If you think that it should be removed from Debian instead of being orphaned, please reply to this bug and tell so. If you disagree and want to continue to maintain this package, please close this bug and do an upload also fixing the other issues. Also, you can study the possibility of taking co-maintainers. I don't have a compelling reason to jump and adopt this package; however, I know many modules in the Authen::* namespace were recently grabbed by Xavier Oswald. Xavier, or anybody in the group: Are you interested? :) Greetings, [1] http://search.cpan.org/~pmkane/Authen-Smb-0.91/Smb.pm [2] http://search.cpan.org/CPAN/authors/id/P/PM/PMKANE/Authen-Smb-0.91.tar.gz -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#348407: pine: security hole in imap support
I believe that a mailicious IMAP server can gain access to the local system (where Pine is running). Agree that non-free sucks, but wanted to point the problem out since I'm sure a lot of folks are using our pine and pine-tracker packages. On Wed, Jan 18, 2006 at 02:04:53AM +0100, Santiago Vila wrote: > On Mon, 16 Jan 2006, Will Lowe wrote: > > > Package: pine > > Version: 4.62-1 > > Severity: grave > > Justification: user security hole > > > > http://www.washington.edu/pine/ says: > > > > Note: Install Pine 4.64, or later version, to fix a buffer overflow > > problem. Read iDEFENSE Security Advisory for full details. > > > > The advisory is here: > > > > http://www.idefense.com/intelligence/vulnerabilities/display.php?id=313 > > > > Pine appears to use the UW-IMAP client-side IMAP library, which has a > > bug that allows access to the system by the user running Pine. > > > > The version of Pine shipped in Sarge is 4.62 and I've seen no > > security-related release to address this issue. I realize that Pine > > is in non-free but we're leaving our users out to dry here ... > > How exactly this is dangerous in *pine*? (not in the IMAP server) > > You gain access to the system if you are running pine? That would be a normal > bug, IMHO, and therefore not the kind of bug that would deserve a report > of grave severity. > > In either case, non-free sucks, and pine sucks even more. Since we > don't distribute any .debs, apt-get upgrade will not magically fix > anything. If I had to deal with this, I would tell users just to use > the version in testing/unstable, which builds fine on stable, as > they would have to build the new version themselves anyway. > > I'm Cc:ing the security team for their opinion. -- Will -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#348407: pine: security hole in imap support
Package: pine Version: 4.62-1 Severity: grave Justification: user security hole http://www.washington.edu/pine/ says: Note: Install Pine 4.64, or later version, to fix a buffer overflow problem. Read iDEFENSE Security Advisory for full details. The advisory is here: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=313 Pine appears to use the UW-IMAP client-side IMAP library, which has a bug that allows access to the system by the user running Pine. The version of Pine shipped in Sarge is 4.62 and I've seen no security-related release to address this issue. I realize that Pine is in non-free but we're leaving our users out to dry here ... -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.13 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages pine depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libldap2 2.1.30-8 OpenLDAP libraries ii libncurses5 5.4-4 Shared libraries for terminal hand ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap -- no debconf information -- Will -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]