[pkg-horde] Bug#342943: [Secure-testing-team] Re: Bug#342943: only
kronolith2 fixed
Martin Schulze
joey at infodrom.org
Sat Jan 28 20:23:31 UTC 2006
Neil McGovern wrote:
> On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote:
> > Lionel Elie Mamane wrote:
> > > I've tried to backport the upstream patch for kronolith 2, but most
> > > files touched don't actually exist in kronolith 1, as well as a
> > > sizeable part of the code touched in the files that do exist. Here is
> > > my measle backport attempt, but I'd really like someone that
> > > understands the issue to review it and see if nothing has been left
> > > out. Do we have someone of that calibre (and willing to do it)
> > > available in Debian?
> >
> > I've taken a look at the patch, and several lines contain changes not
> > suitable for a security update, i.e. fix different potential bugs or
> > change the code. I'm attaching the patch. More eyes checking would
> > be appreciated.
> >
>
> A fairly odd bug. It only affects the app if REGISTER_GLOBALS is on,
> however, the app requires REGISTER_GLOBALS :|
>
> I'll do an audit of the code and try and find anything left over when I
> get home later.
Any news on this?
Regards,
Joey
--
Computers are not intelligent. They only think they are.
Please always Cc to me when replying to me on the lists.
More information about the pkg-horde-hackers
mailing list