[pkg-horde] Bug#342943: [Secure-testing-team] Re: Bug#342943: only kronolith2 fixed

Neil McGovern neilm at debian.org
Sun Jan 22 14:40:48 UTC 2006


On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote:
> Lionel Elie Mamane wrote:
> > I've tried to backport the upstream patch for kronolith 2, but most
> > files touched don't actually exist in kronolith 1, as well as a
> > sizeable part of the code touched in the files that do exist. Here is
> > my measly backport attempt, but I'd really like someone that
> > understands the issue to review it and see if nothing has been left
> > out. Do we have someone of that calibre (and willing to do it)
> > available in Debian?
> 
> I've taken a look at the patch, and several lines contain changes not
> suitable for a security update, i.e. fix different potential bugs or
> change the code.  I'm attaching the patch.  More eyes checking would
> be appreciated.
> 

A fairly odd bug. It only affects the app if REGISTER_GLOBALS is on;
however, the app requires REGISTER_GLOBALS :|

I'll do an audit of the code and try and find anything left over when I
get home later.

Neil
-- 
   __   
 .`  `. neilm at debian.org | Application Manager
 : :' ! ---------------- | Secure-Testing Team member
 '. `-  gpg: B345BDD3    | Webapps Team member
   `-   Please don't cc, I'm subscribed to the list