Hi all, Time to revive the ML! <:o)
Maybe you were already familiar with this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654540 The issue seems to be escalating: https://bugs.gentoo.org/show_bug.cgi?id=411205 https://bugzilla.redhat.com/show_bug.cgi?id=821416 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0138 However, it really shouldn't be a big issue, because the port is only opened for a couple of seconds at login and another couple of seconds during a FT, not more. On the other hand, it's really not easy to completely fix the bug, we don't know the expected address of the other person and can't easily close the connection. The only thing possible would be to block offending IP addresses after they send N packets of "junk", but that's overkill IMHO and might reduce performance otherwise. I think we should answer to the tracker bug (and everyone else involved) explaining why it's not a big issue.... and then close the tracker already. There's also the libpng bug pending (with 1.5 some images appear corrupted), moving all .so files out of /usr/share , and this libng problem that needs a real fix https://bugs.launchpad.net/ubuntu/+source/amsn/+bug/875302 . And, of course, MSNP2Pv2, for which I have an idea that might work out - if it does, I'll have it ready next week :D (Or maybe do a 0.98.5 release with the rest if this doesn't work out?) OK, now for the TODO... if we can get this done around the weekend it would be great! BTW, if someone wants to jump in and volunteer for any of those tasks (especially for one of Phil's two tasks), it would be perfect, but we have an assignment anyway. 0.99 TODO ======== 1) Close the "vulnerability" bug, explain that it really is no vulnerability, get back to all distros... then possibly close the tracker and redirect to forum/ML/IRC 2) MSNP2Pv2 (me, possibly with help from Youness) 3) libpng bug (Boris) 4) Moving .so files out of /usr/share (Phil) 5) webcam libng bug (Phil) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Amsn-devel mailing list Amsn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amsn-devel
