Cameron Dale <[EMAIL PROTECTED]> writes:

> A new version of the TorrentFlux package has been uploaded and it is now
> RC-free. As TorrentFlux was removed from testing on Dec. 1st, I am now
> requesting it be re-added. The new version (2.1-7) only fixes the security
> related issues found in the previous version, no other changes have been made.
> For details of the changes made in that version, please see this bug report:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400582

Sorry, but the enormous number of fixes included there make me doubt that
all security holes have been found. If upstream isn't able to get things
like 'shell_exec("bla \"".$torrent."\"");' right the first time, chances
are good that dozens of other holes are still not found. Unless you
provide some sort of evidence of a complete security audit, I will not
approve this package.

Marc
--
BOFH #448: vi needs to be upgraded to vii
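The quoting pattern named in the message above, shown beside a hardened form, as an added example that is not part of the original message and is not TorrentFlux code. It assumes a POSIX shell behind `shell_exec()`; `printf` stands in for the real helper binary ("bla" in the message), and the function names and the allowlist policy are hypothetical.

```php
<?php
// Added example, not TorrentFlux code. "printf" stands in for the helper
// binary ("bla" in the message above); all function names are hypothetical.

// Weak form, as quoted in the message: wrapping the value in double quotes
// does not stop the shell from interpreting $(...), backticks, $VAR or an
// embedded '"' inside it.
function build_weak(string $torrent): string
{
    return "printf '%s' \"" . $torrent . "\"";
}

// Hardened form: escapeshellarg() single-quotes the value and escapes any
// embedded single quote, so the shell passes it on as one literal word.
function build_hardened(string $torrent): string
{
    return "printf '%s' " . escapeshellarg($torrent);
}

// Defence in depth: accept only names matching an allowlist before any
// command is built (assumed policy: plain *.torrent basenames).
function is_acceptable_name(string $torrent): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._ -]*\.torrent\z/', $torrent) === 1;
}

// Constructed sample inputs; the second carries a harmless marker command.
$samples = ['ubuntu-6.10.torrent', 'x$(echo EXPANDED).torrent'];

foreach ($samples as $name) {
    $weak = shell_exec(build_weak($name));
    $hard = shell_exec(build_hardened($name));
    printf("input: %s\n", $name);
    printf("  weak:      %s (%s)\n", $weak, $weak === $name ? 'literal' : 'shell rewrote it');
    printf("  hardened:  %s (%s)\n", $hard, $hard === $name ? 'literal' : 'shell rewrote it');
    printf("  allowlist: %s\n", is_acceptable_name($name) ? 'accept' : 'reject');
}
```

A review of the kind the message asks for would look for every place a request-derived value reaches `shell_exec()`, `exec()`, `system()`, `passthru()`, `popen()` or backticks without passing through `escapeshellarg()` or an allowlist first.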