[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: upgrading xmlrpc-c
>>> Package xmlrpc-c-ss-1.16.42 has a denial-of-service vulnerability. It
>>> is also four years old. Is there any reason we don't upgrade it to
>> Just updated to 1.16.43.
>> We use a super-stable branch, that's why it's not 1.32.
> Can you confirm that this update fixes http://secunia.com/advisories/50648/ ?
> - Tim
Looking at http://xmlrpc-c.sourceforge.net/change.html it seems the
vulnerability only applies to the advanced release (1.32.xx). The super stable
release (1.16.xx), which we use in pkgsrc, should not be affected.
Main Index |
Thread Index |