Re: Security bug in old libgtop-1.0
- From: Andrew Sobala <aes gnome org>
- To: Bastien Nocera <hadess hadess net>
- Cc: GNOME Desktop Hackers <desktop-devel-list gnome org>, martin home-of-linux org, dave srce hr
- Subject: Re: Security bug in old libgtop-1.0
- Date: 11 May 2003 22:49:43 +0100
On Sun, 2003-05-11 at 13:34, Bastien Nocera wrote:
> On Sun, 2003-05-11 at 13:25, Andrew Sobala wrote:
> > Hi,
> >
> > Another bug heads-up. Apparently we're distributing libgtop-1.0 with a
> > remote exploit (http://bugzilla.gnome.org/show_bug.cgi?id=112765). The
> > bug's got a patch.
> >
> > Although it's unmaintained, I think we should fix this since some apps
> > will still be using it. If the maintainers think it's too much work and
> > give me the OK, I'll do the release (with just that one patch on top of
> > the last 1.0 release).
>
> Martin was the maintainer at the time, and I don't think he is very
> interested in fixing this issue.
>
> I guess you can release a fixed version. Is libgtop 2.x vulnerable?
After conversation with Kjartan Maraas in IRC and the fact that libgtop
isn't being released very much, I'm going to release libgtop-1.0.14 and
libgtop-2.0.2 soon. The assumption is Martin won't mind; please shout if
that's not the case.
Especially with the 1.x version I have to play with some build stuff to
make a proper release tarball, so it will be a couple of days. I suppose
this gives people a chance to shout "stop!" Stuff is tagged in CVS.
--
Andrew Sobala <aes gnome org>
"A freudian slip is when you say one thing but you mean your mother." -- unknown
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]