> I'm not aware of any security issues in Ettercap and the release
> announcement of 0.7.5 doesn't mention them either.
> The 0.7.4 release mentions several buffer overflows, but this version
> is already in testing.
Well, that depends on *which* 0.7.4 you mean, NG-0.7.4 vs v0.7.4, but in
any cas
On Wed, Jan 09, 2013 at 03:24:58PM +, Neil McGovern wrote:
> On Wed, Jan 09, 2013 at 02:40:25PM +, Barak A. Pearlmutter wrote:
> > As I've stated previously, I don't believe that backporting fixes is
> > really feasible. There are too many, they are mixed with
> > non-security-related modi
> Do you have CVE numbers, BTS references or any further detail?
No, I don't believe any such processes were engaged. But examination of
the actual changes shows many potentially security-relevant deltas. The
tool is most commonly used in "friendly" networks to look for
vulnerabilities, so this
On Wed, Jan 09, 2013 at 02:40:25PM +, Barak A. Pearlmutter wrote:
> As I've stated previously, I don't believe that backporting fixes is
> really feasible. There are too many, they are mixed with
> non-security-related modifications, there would be enormous opportunity
> for error, and ongoing
As I've stated previously, I don't believe that backporting fixes is
really feasible. There are too many, they are mixed with
non-security-related modifications, there would be enormous opportunity
for error, and ongoing security maintenance would be quite difficult.
Some background: upstream deve
Hi,
365 files changed, 23718 insertions(+), 14033 deletions(-)
This isn't something that can be reviewed, especially with the large
number of unrelated changes to (for example build system switch!) the
package.
The options remaining are:
* Backport specific fixes for the version in testing
* Re
That is a matter of release policy.
I believe I've made clear my own recommended action, listed the
alternative possibilities I consider realistic, and given supporting
reasoning. After that, this becomes a matter for the release team to
decide. They can take my recommendation, or do something e
Hi,
> A new upstream version 0.7.5 of ettercap (a network sniff/attack tool)
> fixes a variety of security issues. It does not seem practical to me
> to backport the fixes, because many of them are made on top of
> non-security-related changes, and teasing them apart etc would be a
> great deal o
On Thu, Nov 8, 2012 at 11:46:33 +, Barak A. Pearlmutter wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Hello release team,
>
> please unblock package ettercap.
>
> A new upstream version 0.7.5 of ettercap (a ne
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hello release team,
please unblock package ettercap.
A new upstream version 0.7.5 of ettercap (a network sniff/attack tool)
fixes a variety of security issues. It does not seem practical