Your message dated Thu, 15 May 2008 14:14:42 -0500
with message-id <[EMAIL PROTECTED]>
and subject line elog has been removed from Debian, closing #392016
has caused the Debian Bug report #392016,
regarding elog: Needs a security audit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
392016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: elog
Severity: grave
Tags: security
Justification: user security hole
In #389361 a complete lack of web script sanitising for logbook entries
was discovered and DSA-967 already fixed lots of vulnerabilities.
AFAICT Debian is the only distribution including elog, which seems
to have received relatively few external review. I guess it should
only be included in Etch after an audit by the debian-audit people.
Audit people, do you think you can review it before Etch?
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
--- End Message ---
--- Begin Message ---
Version: 2.6.3+r1764-1.1+rm
The elog package has been removed from Debian testing, unstable and
experimental, so I am now closing the remaining open bugs.
For more information about this package's removal, read
http://bugs.debian.org/472279 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
Kind regards,
--
Raphael Geissert
--- End Message ---
