1 |
On Wed, 2003-08-20 at 01:08, Rainer Groesslinger wrote: |
2 |
> On Wednesday 20 August 2003 00:47, Patrick Lauer wrote: |
3 |
[snip] |
4 |
> > Please discourage the use of lmule and xmule until fixed versions are |
5 |
> > available. |
6 |
> |
7 |
> lmule was removed from the tree several weeks ago because it isn't |
8 |
> developed anymore and unsupported for a few months now. |
9 |
ok |
10 |
|
11 |
> The problem - indeed - is, that even their latest unstable release |
12 |
> (1.5.6a) doesn't fix the problem and I observe xmule sharply and am |
13 |
> waiting for a fixed release or at least a patch. |
14 |
I recommend masking _all_ versions at the moment and issuing a GLSA. |
15 |
Maybe I'm overreacting, but I do not wish to have my computer rooted :) |
16 |
|
17 |
> I added an einfo about the security hole in all the xmule ebuilds and I |
18 |
> hope they release 1.4.4 or something soon (which will immediatly be |
19 |
> arch of course) |
20 |
That's good, but I don't think it's adequate since not everybody |
21 |
reinstalls xmule every day _and_ reads all einfo lines scrolling by. |
22 |
|
23 |
Btw, what's the official way for reporting vulnerabilities? |
24 |
On the website I found almost nothing ... maybe this could be made |
25 |
easier? Or did I miss something really obvious? |
26 |
|
27 |
Thanks for the almost instantaneous response, |
28 |
|
29 |
Patrick Lauer |
30 |
|
31 |
|
32 |
-- |
33 |
gentoo-dev@g.o mailing list |