Evgeni Golov wrote:
> On Sun, 2 Nov 2008 14:23:39 +0100 Christian Perrier wrote:
>
>> While looking around for RC bugs, I noticed several of these against
>> packages that provide this Snoopy stuff on their own (mediamate,
>> opendb, etc.).
>
> From a quick view at bts.turmzimmer, you mean:
> ampache 504169
> gforge-plugin-scmcvs 504258
> mahara 504170
> mediamate 504172
> opendb 504173
> pixelpost 504171
> Did I miss any?

You should better refer to
http://security-tracker.debian.net/tracker/CVE-2008-4796
If you find any package missing on that list please contact the security team
so it is updated.

Christian Perrier wrote:
> I looked at them and, most of the time, the fix is to depend on
> libphp-snoopy and avoid providing a private (and outdated) copy of
> Snoopy.

That's right, but there are a couple of them which are also vulnerable on
etch, and libphp-snoopy is not available there.

>
>> However, I have no PHP skills at all to be able to fix this
>> myself. If you have such skills, it would be good to fix these packages....
>
> Some of the above are already fixed in Sid, I'll have a look at the
> others later (or tomorrow, depends on my time).

I will also have to try a go on them tomorrow, but I've been rather busy
dealing with some vulns.

>
> Regards
> Evgeni

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

