[csw-maintainers] Fwd: [findutils 0004769]: Current stable release is vulnerable to CVE-2007-2452

Peter Bonivart bonivart at opencsw.org
Sun May 15 22:10:34 CEST 2011


On Sun, May 15, 2011 at 10:01 PM, Philip Brown <phil at bolthole.com> wrote:
> a) you did not verify you had tested it, or

Of course I tested it.

> b) you went too far in your updates. you did not merely patch the
> security hole, but changed the package.

I used ISC's official solution to the security flaw, I even went the
extra mile to package it the same way it already was even though that
was extra work since it by that time was done differently. It sure was
a minimal change.


More information about the maintainers mailing list