[Secure-testing-team] Sorting out the Quake2 situation
Michael Gilbert
michael.s.gilbert at gmail.com
Wed Dec 2 04:20:05 UTC 2009
On Wed, 2 Dec 2009 11:49:56 +0800 Paul Wise wrote:
> On Wed, Dec 2, 2009 at 11:44 AM, Michael Gilbert wrote:
> > On Wed, 2 Dec 2009 09:28:31 +0800 Paul Wise wrote:
> >
> >> On Wed, Dec 2, 2009 at 2:24 AM, Guillem Jover wrote:
> >>
> >> > Right, as there's at least 3 of them (Quake II/III) already in the
> >> > archive: openarena, alien-arena and warsow.
> >>
> >> Could someone let the Debian security team know about that? Their
> >> embedded-code-copies file doesn't mention these three:
> >>
> >> http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies
> >
> > thanks for pointing this out. i have added these to the list. if you
> > all can check your packages and forward any other embedded code copies
> > included in your games packages, that would be immensely helpful.
>
> On that note, not sure if the security team is aware of it, but this
> site can be immensely useful for that:
>
> http://source.debian.net/source/
yes. this is useful when you are looking for a specific duplicated code
set, but it doesn't really help to determine which embedded copies a
particular package has. that depends more on human
experience/familiarity, and is what i am asking for.
> Fun fact; there are 442 copies of different versions of md5.c in the archive:
>
> http://source.debian.net/source/search?path=md5.c
yikes!
mike
More information about the Secure-testing-team
mailing list