Bug#987537: RM: scrollz -- RoQA unmaintained, dead upstream, has security issues

2021-05-16 Thread Mike Markley
On Mon, May 03, 2021 at 07:58:06AM +0200, Tobias Frost wrote:
> I just gave upstream a pointer to the ircii code that fixes this CVE. Maybe
> they have tested it?
I reached out via email yesterday and I'm awaiting a response.
> (MIA Team hat partly on) That sounds a bit like the package should

Bug#987537: RM: scrollz -- RoQA unmaintained, dead upstream, has security issues

2021-05-13 Thread Adrian Bunk
On Mon, May 03, 2021 at 07:58:06AM +0200, Tobias Frost wrote:
>...
> > I don't actually know the procedures for a security update, in any case.
> > so if anyone has advice on next steps, I'd appreciate it.
>
> https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security
> and
>

Bug#987537: RM: scrollz -- RoQA unmaintained, dead upstream, has security issues

2021-05-03 Thread Mike Markley
On Tue, Apr 27, 2021 at 10:02:13AM -0600, Mike Markley wrote:
> I do see that there's a recent PR upstream to fix this CVE:
> https://github.com/ScrollZ/ScrollZ/pull/26
I see that this PR has now been merged. I rebuilt 2.2.3-1 with the ctcp.c portion of the patch locally, but I haven't installed

Bug#987537: RM: scrollz -- RoQA unmaintained, dead upstream, has security issues

2021-05-03 Thread Tobias Frost
X-MIA-Summary; - ; acks inactivity/key issue in scrollz bug.
On Sun, May 02, 2021 at 09:58:30PM -0600, Mike Markley wrote:
Hi Mike, many thanks for your reply!
> On Tue, Apr 27, 2021 at 10:02:13AM -0600, Mike Markley
> wrote:
> > I do see that there's a recent PR upstream to fix this CVE:
>

Bug#987537: RM: scrollz -- RoQA unmaintained, dead upstream, has security issues

2021-04-27 Thread Mike Markley
On Sun, Apr 25, 2021 at 11:33:32AM +0200, Tobias Frost wrote:
> Additionally, even if there was a new upstream version in 2016, it was never
> packaged for Debian. This lets me believe that the package is no longer
> maintained in Debian.
>
> Due to the fact that the scrollz has an open security

Bug#987537: RM: scrollz -- RoQA unmaintained, dead upstream, has security issues

2021-04-25 Thread Salvatore Bonaccorso
On Sun, Apr 25, 2021 at 11:33:32AM +0200, Tobias Frost wrote:
> Package: scrollz
> Severity: serious
>
> user debian-rele...@lists.debian.org
> usertags -1 + bsp-2021-04-AT-Salzburg
> thank you
>
> Dear maintainers,
>
> according to my research, scrollz is a fork of ircii, also in Debian.
>

Bug#987537: RM: scrollz -- RoQA unmaintained, dead upstream, has security issues

2021-04-25 Thread Tobias Frost
Package: scrollz
Severity: serious
user debian-rele...@lists.debian.org
usertags -1 + bsp-2021-04-AT-Salzburg
thank you
Dear maintainers,
according to my research, scrollz is a fork of ircii, also in Debian.
However, scrollz last update was 2016 while ircii is still frequently releasing new