El jueves, 20 de abril de 2006 22:09, David Ayers escribió: > Package: viewcvs > Severity: normal [...] > So the question is, does this bug have security implications that would > allow it to be fixed in sarge? It seems that even the unstable versions of > the viewcvs package are still using an old snapshot (unstable: > 0.9.2+cvs.1.0.dev.2004.07.28-4): > http://packages.debian.org/cgi-bin/search_packages.pl?keywords=viewcvs&sear >chon=names&subword=1&version=all&release=all
I do not see which security implications could make that '+' character
is not
going escaped. I am not denying it, but I would find it very strange.
> So I suppose this package is not being maintained any longer (last
> 'unstable' ChangeLog Thu, 21 Jul 2005) and I haven't found any 'viewvc'
> package.
No, you are wrong. I am maintaining it, but the switch to viewvc is not
yet
done. I am spending time making the changes. I hope to have it in a couple of
weeks.
Best regards,
Ender.
--
Network engineer
Debian Developer
pgpQJERRN3bxr.pgp
Description: PGP signature
