Hi Ben,

On Tuesday 29 July 2008 02:45, Ben Hutchings wrote:
> This bug is rather likely to be exploitable for executing arbitrary
> code. There also appear to be a bunch of places where buffer overflows
> are possible.

Thanks for letting us know. I must say that reading that it crashes on very common IRC replies comforts me: I would presume that this drives people away from the program quickly for anything serious, so that exposure to these flaws is limited. Popcon vote is very low.

> This package should probably be removed from the archive, as it is dead
> upstream and likely to be riddled with security bugs if this is any
> indicator.

Unfortunately it is in stable already. For starters we can at least reduce the burden by preventing it from being in the next stable. I think that will need no discussion so I'll file that bug right away.

Security team: do you think we should be removing this from current stable as well in a next point release? Or do you see other solutions?

cheers,
Thijs