[pkg-horde] Bug#342943: [Secure-testing-team] Re: Bug#342943: only kronolith2 fixed

Martin Schulze joey at infodrom.org
Sat Jan 28 20:23:31 UTC 2006

Neil McGovern wrote:
> On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote:
> > Lionel Elie Mamane wrote:
> > > I've tried to backport the upstream patch for kronolith 2, but most
> > > files touched don't actually exist in kronolith 1, as well as a
> > > sizeable part of the code touched in the files that do exist. Here is
> > > my measle backport attempt, but I'd really like someone that
> > > understands the issue to review it and see if nothing has been left
> > > out. Do we have someone of that calibre (and willing to do it)
> > > available in Debian?
> > 
> > I've taken a look at the patch, and several lines contain changes not
> > suitable for a security update, i.e. fix different potential bugs or
> > change the code.  I'm attaching the patch.  More eyes checking would
> > be appreciated.
> > 
> A fairly odd bug. It only affects the app if REGISTER_GLOBALS is on,
> however, the app requires REGISTER_GLOBALS :|
> I'll do an audit of the code and try and find anything left over when I
> get home later.

Any news on this?



Computers are not intelligent.  They only think they are.

Please always Cc to me when replying to me on the lists.

More information about the pkg-horde-hackers mailing list