Nico Golde wrote: > > CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before > > 1.1.5 and ...) > > - - sql-ledger <unfixed> (bug #409703) > > + - sql-ledger <unfixed> (bug #409703; medium) > > [etch] - sql-ledger <no-dsa> (Should only be used with trusted users) > > NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger > > NOTE: is not secure with untrusted users. > > Just wanted to comment this, noting the bug in README.Debian > does not fix it and doesn't help users who don't read the > file, just if someone wonders why I didn't set low :)
Please use [email protected] for tracker relevant discussion. CCing. It's certainly _not_ a medium issue, as it's completely beyond what is supported for this package. If you want more reliable ways to inform users than README.Debian.security then please help work on #436161. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
