I'm another Olivier, but I can provide some feedback still.
As far as we're concerned all reported bugs, regarding insecure usage of tmp, have been fixed in Sympa. It's now up to the Debian maintainer to apply the patches to the Debian package.
If we've missed something, please let us know... Thomas Viehmann a écrit :
sympa has two RC bugs open for about one month, #496520 about insecure usage of tmp (which looks at least partially fixed upstream, but has no maintainer response) and #498144 about problems on upgrade (with an initial maintainer response "will investigate, also happened to people at the last security upgrades", but no visible activity since). Unless the maintainer (or perhaps Olivier who forwarded the first bug upstream, CCed) resolve these bugs soon, it might be better to not release sympa with lenny. It does not seem to have reverse dependencies. There are a few users (double digit popcon), but not exceedingly many.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]