Re: [SECURITY] [DSA 572-1] New ecartis packages fix unauthorised access to admin interface
Unsubscribe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ecartis?
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: >Hi, > there are still two critical bugs filed against ecartis, one is 1 year >old, another is 203 days old. Second one seems to have been closed, and >then reopened. > Does this mean ecartis is still vulnerable ( I don't care about first, > postfix-related too much, but it's still depressing )...? Both bugs have been fixed in unstable for a long time. The security team recently fixed the security problems in DSA-467-1, but forgot to close the associated bug 210444. I am doing so now. As the current maintainer of the debian ecartis package, I was happy to see the DSA for the long-standing bugs. I had looked at building patches, but the information on the ecartis web site was incomplete and the standard policy is not to allow new releases in stable. The security team did not consult me before doing the DSA. (They may have consulted one of the previous maintainers.) It is possible they may have fixed the other bug at the same time. -- Blars Blarson [EMAIL PROTECTED] http://www.blars.org/blars.html With Microsoft, failure is not an option. It is a standard feature.
Re: ecartis?
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: >Hi, > there are still two critical bugs filed against ecartis, one is 1 year >old, another is 203 days old. Second one seems to have been closed, and >then reopened. > Does this mean ecartis is still vulnerable ( I don't care about first, > postfix-related too much, but it's still depressing )...? Both bugs have been fixed in unstable for a long time. The security team recently fixed the security problems in DSA-467-1, but forgot to close the associated bug 210444. I am doing so now. As the current maintainer of the debian ecartis package, I was happy to see the DSA for the long-standing bugs. I had looked at building patches, but the information on the ecartis web site was incomplete and the standard policy is not to allow new releases in stable. The security team did not consult me before doing the DSA. (They may have consulted one of the previous maintainers.) It is possible they may have fixed the other bug at the same time. -- Blars Blarson [EMAIL PROTECTED] http://www.blars.org/blars.html With Microsoft, failure is not an option. It is a standard feature. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ecartis?
Hi, there are still two critical bugs filed against ecartis, one is 1 year old, another is 203 days old. Second one seems to have been closed, and then reopened. Does this mean ecartis is still vulnerable ( I don't care about first, postfix-related too much, but it's still depressing )...? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
ecartis?
Hi, there are still two critical bugs filed against ecartis, one is 1 year old, another is 203 days old. Second one seems to have been closed, and then reopened. Does this mean ecartis is still vulnerable ( I don't care about first, postfix-related too much, but it's still depressing )...? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
