[pkg-horde] Bug#342943: [Secure-testing-team] Re: Bug#342943: only kronolith2 fixed

Neil McGovern neilm at debian.org
Sun Jan 22 14:40:48 UTC 2006

On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote:
> Lionel Elie Mamane wrote:
> > I've tried to backport the upstream patch for kronolith 2, but most
> > files touched don't actually exist in kronolith 1, as well as a
> > sizeable part of the code touched in the files that do exist. Here is
> > my measle backport attempt, but I'd really like someone that
> > understands the issue to review it and see if nothing has been left
> > out. Do we have someone of that calibre (and willing to do it)
> > available in Debian?
> I've taken a look at the patch, and several lines contain changes not
> suitable for a security update, i.e. fix different potential bugs or
> change the code.  I'm attaching the patch.  More eyes checking would
> be appreciated.

A fairly odd bug. It only affects the app if REGISTER_GLOBALS is on,
however, the app requires REGISTER_GLOBALS :|

I'll do an audit of the code and try and find anything left over when I
get home later.

 .`  `. neilm at debian.org | Application Manager
 : :' ! ---------------- | Secure-Testing Team member
 '. `-  gpg: B345BDD3    | Webapps Team member
   `-   Please don't cc, I'm subscribed to the list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-horde-hackers/attachments/20060122/72655cef/attachment.pgp

More information about the pkg-horde-hackers mailing list