[pkg-horde] Bug#585165: Bug#585165: CVE-2010-1916: Security issue in Xinha
Gregory Colpart
reg at evolix.fr
Sat Jul 17 23:18:40 UTC 2010
Hi,
On Thu, Jul 15, 2010 at 02:51:07PM +0200, Alexander Reichle-Schmehl wrote:
>
> * Gregory Colpart <reg at evolix.fr> [100622 01:48]:
> [..]
> > > Please check if your code copy is affected and update the internal copy.
> > I think code copy of xinha in Horde is not affected because there
> > is no PHP code from Xinha on it. Majority of Xinha plugins are
> > not present.
>
> Is there a specific reason, why this bug is open, if the problem doesn't exist?
I was hoping a confirmation of my analysis. But from my point of
view, bug should be closed.
> Okay, there is still:
>
> * Moritz Muehlenhoff <jmm at debian.org> [100609 19:05]:
> [..]
> > There's already an ITP for xinha (Bug 479708) and since four packages
> > currently in the archive use xinha (openacs, Horde, serendipity and
> > dotlrn) it would be nice if we could migrate to a single package
> > for Squeeze.
>
> But a the package doesn't seem to have made much progress recently, what
> about a:
>
> retitle 585165 Please use system xinha instead of own copy
> severity 585165 important
> block 585165 bye 479708
Ok. I do that.
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
More information about the pkg-horde-hackers
mailing list