Justin Pryzby <[EMAIL PROTECTED]> writes: > Matej Vela, Sat, 18 Feb 2006 10:00:13 +0100: >>Note that the following packages contain copies of uudeview: >> >> dnprogs: mail/uulib/uulib.c (0.5.13) >> goldedplus: build/goldlib/uulib/uulib.c (0.5.15) >> libconvert-uulib-perl: uulib/uulib.c (0.5.20) > > Should this bug be cloned against the first two packages?
Feel free to do so -- hopefully it will cause some activity. Someone should also check whether they're affected by earlier vulnerabilities [1]. > BTW, how did you determine that uudeview was included in them? I have > filed #344980 which I would use if it were available .. I searched the archive with a home-brewn script [2] (a local mirror helps :-). IIRC the security team has something similar. Note that solving #344980 won't help with dbs-style embedded tarballs, e.g. it wouldn't have caught goldedplus. [1] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0333> [2] <http://people.debian.org/~vela/grep-sources> Thanks, Matej -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
