> Do you have CVE numbers, BTS references or any further detail?

No, I don't believe any such processes were engaged.  But examination of
the actual changes shows many potentially security-relevant deltas.  The
tool is most commonly used in "friendly" networks to look for
vulnerabilities, so this does not render it useless.  But I would be
surprised if it were not possible to create hostile traffic that would
at the very least crash the tool, and likely subvert it.

> So, can you please let me know if you're going to backport the fixes,
> or if I should remove it from wheezy.

As I've already said repeatedly, I don't think backporting all and only
the security-relevant patches is a realistic option.

I could go back to the old build system while keeping the updated C
sources.  This would dramatically reduce the delta count, but seems
silly.

                                        --Barak.

