tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: upgrading xmlrpc-c

>>> Package xmlrpc-c-ss-1.16.42 has a denial-of-service vulnerability.  It
>>> is also four years old.  Is there any reason we don't upgrade it to
>>> 1.32?
>> Just updated to 1.16.43.
>> We use a super-stable branch, that's why it's not 1.32.
> Adam,
> Can you confirm that this update fixes ?
> Thanks,
> - Tim

Looking at it seems the 
vulnerability only applies to the advanced release (1.32.xx). The super stable 
release (1.16.xx), which we use in pkgsrc, should not be affected.

Kind regards,

Home | Main Index | Thread Index | Old Index