Jonathan Wiltshire wrote: > Dear SRMs, > > (paraphrased from my mail to security team): > > Versions of adtool prior to 1.3.2 are vulnerable to leaking password > information for foreign accounts on the proc title if given as arguments > to the program. I came across this by chance in a year-old bug on > Launchpad [1], and the suggested patch has been integrated upstream in > unstable with slight modification [2]. > > It's not serious enough to warrant a security update, but Thijs > suggested getting it into Lenny in the upcoming point release if it's > not too late already. The patch is trivial. > > However, between the versions in stable and testing I adopted adtool, so > my question is: > > 1. would you like an upload, or is it too late?
Sure, please do. > 2. if so, is a maintainer change acceptable in the same upload? Yes. > 3. as a DM only, can you accept an upload directly or will I need > sponsorship? Just try, it should work AFAICS. Cheers Luk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
