On Tue, 12 Sep 2006, Finn-Arne Johansen wrote:
> Dieter Simader wrote:
> > The sessionid is still there but not used anymore.
> >
> > If you need more info let me know.
>
> OK, as said - I've tested that the new package installs ok, but I have
> not found the time to check how the bug is fixed.
>
> Since I'm under a rather heavy workload now, I doubt that I can make the
> time to verify anything other than that the upgrade went ok.

Same for me. I'm rather busy lately and I prepared this patch because it's a security issue but I do not have time to test the old security-patched package. I have no reason to believe that it would cause major pains, however.

Petter, maybe you have some time to test the sarge update?

> If Raphael understands the patch, I suggest it's uploaded to the
> security mirror, and that a DSA is released.

Indeed, but I just generated a new version of that update since a second security issue has been fixed in 2.6.19 (a directory traversal bug). I also applied the fix for the "new window" function which broke due to the change in the session id handling.

Please check out the updated package (and patch) at:
http://people.debian.org/~hertzog/sql-ledger/

As soon as Petter (or anyone else) confirms that the package is OK, we should upload to the security mirror and release a DSA.

Cheers,
--
Raphaël Hertzog

First French book about Debian GNU/Linux:
http://www.ouaza.com/livre/admin-debian/