On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote: > Lionel Elie Mamane wrote: > > I've tried to backport the upstream patch for kronolith 2, but most > > files touched don't actually exist in kronolith 1, as well as a > > sizeable part of the code touched in the files that do exist. Here is > > my measle backport attempt, but I'd really like someone that > > understands the issue to review it and see if nothing has been left > > out. Do we have someone of that calibre (and willing to do it) > > available in Debian? > > I've taken a look at the patch, and several lines contain changes not > suitable for a security update, i.e. fix different potential bugs or > change the code. I'm attaching the patch. More eyes checking would > be appreciated. >
A fairly odd bug. It only affects the app if REGISTER_GLOBALS is on, however, the app requires REGISTER_GLOBALS :| I'll do an audit of the code and try and find anything left over when I get home later. Neil -- __ .` `. [EMAIL PROTECTED] | Application Manager : :' ! ---------------- | Secure-Testing Team member '. `- gpg: B345BDD3 | Webapps Team member `- Please don't cc, I'm subscribed to the list
signature.asc
Description: Digital signature
