On Sunday, 23 November 2008, Moritz Muehlenhoff wrote:
> On Sat, Nov 22, 2008 at 03:13:43PM +0100, Eckhart Wörner wrote:
> > Package: quassel
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > Quassel version in Debian is vulnerable to IRC command injection as
> > described in http://www.frsirt.com/english/advisories/2008/3164 Updated
> > packages are already available at http://quassel.irc.org/ , according to
> > quassel developers a backport for the fix is also available.
>
> I've been looking at the upstream homepage for a patch and upstream
> describes the Debian package as "hopelessly outdated and unmaintained"
> and points to an external build. As such, it should likely be dropped
> from Lenny rather than fixed. It can be brought into proper shape for
> Squeeze (more recent packages are already available on mentors.debian.net)
>
> Cheers,
>         Moritz


The package at mentors.debian.org is just a backport of the Ubuntu package
and does not fit the Debian package rules like copyright etc.

The packages for 0.3.0 have been ready for weeks but my uploader is too busy with
lenny.

New 0.2.0 packages containing the security patch will be available today.

THX and take care,

Tom



