[csw-maintainers] Fwd: [findutils 0004769]: Current stable release is vulnerable to CVE-2007-2452

Philip Brown phil at bolthole.com
Sun May 15 22:16:19 CEST 2011


On Sun, May 15, 2011 at 1:10 PM, Peter Bonivart <bonivart at opencsw.org> wrote:
> On Sun, May 15, 2011 at 10:01 PM, Philip Brown <phil at bolthole.com> wrote:
>> a) you did not verify you had tested it, or
>
> Of course I tested it.
>
>> b) you went too far in your updates. you did not merely patch the
>> security hole, but changed the package.
>
> I used ISC's official solution to the security flaw, I even went the
> extra mile to package it the same way it already was even though that
> was extra work since it by that time was done differently. It sure was
> a minimal change.


since you seem to have this fresh in your mind, and I do not... if you
wish to discuss that specific incident further, perhaps you can dig up
the specific email where I said the reason why it was not accepted.


More information about the maintainers mailing list