'[gentoo-dev] Last rites for dev-php/asp2php'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    [gentoo-dev] Last rites for dev-php/asp2php
From:       Stuart Herbert <stuart () gentoo ! org>
Date:       2004-12-30 22:39:34
Message-ID: 200412302239.34775.stuart () gentoo ! org
[Download RAW message or body]

Hi,

dev-php/asp2php contains two buffer overflow vulnerabilities [1] disclosed by 
DJ Bernstein.  We've had no luck in convincing the original author that these 
security holes need fixing, and indeed the author has recommended that we 
drop asp2php from Gentoo.

I've masked dev-php/asp2php, and as things stand I'll be removing this package 
from the Gentoo tree on Sunday.  If anyone wants to step in and save this 
package, please do so before then.

[1] http://bugs.gentoo.org/show_bug.cgi?id=74698

Best regards,
Stu
-- 
Stuart Herbert                                              stuart@gentoo.org
Gentoo Developer                                       http://www.gentoo.org/
                                                   http://stu.gnqs.org/diary/

GnuPG key id# F9AFC57C available from http://pgp.mit.edu
Key fingerprint = 31FB 50D4 1F88 E227 F319  C549 0C2F 80BA F9AF C57C
--

--
gentoo-dev@gentoo.org mailing list

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic