Package: rhapsody
Severity: grave
Tags: security
Justification: user security hole

Rhapsody has format string and buffer overflow vulnerabilities in almost every IRC command it supports:
http://www.securityfocus.com/archive/1/archive/1/463092/100/0/threaded

Given that it includes so many "Secure programming 101" errors, that it only has six users in popcon, was never part of a stable release and is a very early 0.2x version, the correct fix appears to be to remove it from Etch and let it mature for Lenny. It's not that Debian is short of IRC clients.

Cheers,
Moritz

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)