| 1 |
On Wed, 2003-08-20 at 01:08, Rainer Groesslinger wrote: |
| 2 |
> On Wednesday 20 August 2003 00:47, Patrick Lauer wrote: |
| 3 |
[snip] |
| 4 |
> > Please discourage the use of lmule and xmule until fixed versions are |
| 5 |
> > available. |
| 6 |
> |
| 7 |
> lmule was removed from the tree several weeks ago because it isn't |
| 8 |
> developed anymore and unsupported for a few months now. |
| 9 |
ok |
| 10 |
|
| 11 |
> The problem - indeed - is, that even their latest unstable release |
| 12 |
> (1.5.6a) doesn't fix the problem and I observe xmule sharply and am |
| 13 |
> waiting for a fixed release or at least a patch. |
| 14 |
I recommend masking _all_ versions at the moment and issuing a GLSA. |
| 15 |
Maybe I'm overreacting, but I do not wish to have my computer rooted :) |
| 16 |
|
| 17 |
> I added an einfo about the security hole in all the xmule ebuilds and I |
| 18 |
> hope they release 1.4.4 or something soon (which will immediatly be |
| 19 |
> arch of course) |
| 20 |
That's good, but I don't think it's adequate since not everybody |
| 21 |
reinstalls xmule every day _and_ reads all einfo lines scrolling by. |
| 22 |
|
| 23 |
Btw, what's the official way for reporting vulnerabilities? |
| 24 |
On the website I found almost nothing ... maybe this could be made |
| 25 |
easier? Or did I miss something really obvious? |
| 26 |
|
| 27 |
Thanks for the almost instantaneous response, |
| 28 |
|
| 29 |
Patrick Lauer |
| 30 |
|
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-dev@g.o mailing list |
Archives