Fwd: security bugfix in PET r743
Martín Ferrari
martin.ferrari at gmail.com
Fri Sep 4 04:33:04 UTC 2009
Holger,
On Thu, Sep 3, 2009 at 12:23, Holger Levsen<holger at layer-acht.org> wrote:
> On Donnerstag, 3. September 2009, Martín Ferrari wrote:
>> First of all, sorry for the mass mailing.I didn''t know if all of you
>> check the mailing list.
>>
>> I saw you were owners of PET installations in alioth, so please see
>> this mail below.
>
> I had no idea I was?!
You had set up an instance for debian-edu a long time ago.
>> If you happen to run a PET instance that is not automatically synched
>> with the main Subversion repository, please take the necessary steps
>> to secure it.
>
> what do I have to do?
If you're still using it, you might consider upgrading or backporting
the fix. If not, just disable the cronjob :)
Anyway, the current fix has a nasty bug that results in a DoS with
some regexes, we're working on fixing that.
--
Martín Ferrari
More information about the PET-devel
mailing list