Tanguy Ortolo, 2012-08-17 11:04+0200:
I have just had a look at the code: squeeze is affected. I shall prepare an update by hand.
Well, after looking more closely, it appears that in fact, it is not. The fix for version 0.0.20120125 in testing does apply to 0.0.20091225 in stable after some modifications, but:
1. it breaks some functionality;
2. it is useless, because it is meant to cover a use case that did not exist at the time (the code to process the POST argument do=media of the possible attack is only present in 0.0.20120125).
So, sorry for my hesitation with this bug…

--
 ,--.
: /` )   Tanguy Ortolo <xmpp:tan...@ortolo.eu>
| `-'    Debian Developer <irc://irc.oftc.net/Tanguy>
 \_