Hi! * Giacomo A. Catenazzi <c...@cateee.net> [100607 09:29]:
>> Please update lxr-cvs to the new stable version. The new version 0.9.8 of >> lxrng fix several cross-site scripting vulnerabilities (CVE-2009-4497) >> reported >> in bug #575745 >> The new version was published 2010-01-15 on >> http://sourceforge.net/projects/lxr/ > Yes, I'll push the security fix. > > Note that the new upstream version is not a releasable > version: it was an alpha version with the security fix added, > but still it is not really working. Any news on this? There are four security related RC bugs open against lxr and lxr-cvs. And as popcon seems to report only one actively used installation, I wonder if removing these packages wouldn't be an option. Best Regards, Alexander -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
