tags 484728 + patch thanks Hi Alvaro, * Alvaro Herrera <[EMAIL PROTECTED]> [2008-06-06 07:29]: > Package: roundup > Version: 1.4.4 > Severity: grave > Tags: security > Justification: user security hole > > > I see that there isn't a fix for Debian for this bug: > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1475 > http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788 > > Apparently, the Debian version is thus vulnerable.
Confirmed. Toni, the previous NMU was not vulnerable to this, please try to keep track of upstream vulnerabilities so such things don't get overwritten introducing new vulnerabilities. We already had this marked as not-affected because the xml-rpc code was introduced in 1.4.0 and only noticed this because of this mail now. Here is a patch for this: http://sourceforge.net/tracker/download.php?group_id=31577&atid=402788&file_id=269102&aid=1907211 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpim1tqJnqTa.pgp
Description: PGP signature

