Hi, On 29/05/12 20:13, Kitty PC wrote: > I just talked to one of the devs in regards with the Denial of Service > bug s/he said it has been fixed in SVN for two years
I think I see the relevant commit in SVN; it might have been fixed but I don't think there was an actual release containing that fix until now. And it's not stated very clearly in the release announcement; it would really make things easier for package maintainers, QA and security teams (not just Debian but other distros too) if the release had a more detailed changelog ideally mentioning the CVE ID of that DoS vulnerability. Anyway, thanks a lot for passing along the info you got from upstream. > [...] It'd be nice to have the new > release packaged up and the dependency issue fixed. The dev I spoke to > also said s/he was working on repackaging amsn for debian but due to > lack of time has not done so yet If nobody else gets around to it I could *maybe* try to package the new upstream version myself; I could use some practice at this, and I would certainly use it personally. > On an unrelated note I can't seem to see this bug on the > http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=amsn page yet. Follow the link through to src:amsn and it's there (filed against the source package, which is probably correct since your report was about build dependencies). Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
