From: Peter E. <pe...@gm...> - 2005-07-29 07:49:06
|
Am Montag, 25. Juli 2005 10:26 schrieb Ralf Becker: > > egroupware (1.0.0.007-2.dfsg-2sarge1) stable-security; urgency=high > > * Fixed XML-RPC remote execution security problem (CAN-2005-1921) > > (closes: #317263) > > Unfortunally this .007-2 includes the (after a security fix) not working > projects applications. And as the number suggests, it might be based on > our .007-3 packages, which render xmlrpc unusable. It can also be Peter > uses an own numbering system, I dont know ... This is 1.0.0.007-2 plus the XML-RPC security fix. > Maybe Peter finds some time to update to our latest 1.0.0.008-2. Debian stable only allows fixes for security problems or if the application is totally broken. Before I can make the argument to the release managers that this is the the case for the project application, I need to investigate what changes were made and which ones are relevant to this fix. I can't just upgrade to a newer upstream version without having a detailed account of the changes. |