[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: [gentoo-dev] Last rites for dev-php/asp2php
From: Stuart Herbert <stuart () gentoo ! org>
Date: 2004-12-30 22:39:34
Message-ID: 200412302239.34775.stuart () gentoo ! org
[Download RAW message or body]
Hi,
dev-php/asp2php contains two buffer overflow vulnerabilities [1] disclosed by
DJ Bernstein. We've had no luck in convincing the original author that these
security holes need fixing, and indeed the author has recommended that we
drop asp2php from Gentoo.
I've masked dev-php/asp2php, and as things stand I'll be removing this package
from the Gentoo tree on Sunday. If anyone wants to step in and save this
package, please do so before then.
[1] http://bugs.gentoo.org/show_bug.cgi?id=74698
Best regards,
Stu
--
Stuart Herbert stuart@gentoo.org
Gentoo Developer http://www.gentoo.org/
http://stu.gnqs.org/diary/
GnuPG key id# F9AFC57C available from http://pgp.mit.edu
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C
--
--
gentoo-dev@gentoo.org mailing list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic