severity 409703 grave
thanks

Raphael Hertzog wrote:

> Indeed, none of the vulnerabilities which require an account have been
> fixed in SQL-Ledger. Chris Travers promised to post an unofficial patch
> for sql-ledger but I can't find it on the sql-ledger mailing list...

We talked about this before in private mail. Please either

a) Document clearly in README.Debian that sql-ledger is not suitable
for public installations w/o completely trusted users (which could even
be in order for an accounting solution) and readjust to non-RC severity
afterwards
or
b) Apply fixes for the outstanding issues

Cheers,
        Moritz

