Re: upgrading xmlrpc-c

To: Tim Zingelman <tez%netbsd.org@localhost>
Subject: Re: upgrading xmlrpc-c
From: Adam Ciarciński <adam%NetBSD.org@localhost>
Date: Thu, 15 Nov 2012 08:16:38 +0100

>>> Package xmlrpc-c-ss-1.16.42 has a denial-of-service vulnerability.  It
>>> is also four years old.  Is there any reason we don't upgrade it to
>>> 1.32?
>> 
>> Just updated to 1.16.43.
>> We use a super-stable branch, that's why it's not 1.32.
> 
> Adam,
> 
> Can you confirm that this update fixes http://secunia.com/advisories/50648/ ?
> 
> Thanks,
> 
> - Tim

Looking at http://xmlrpc-c.sourceforge.net/change.html it seems the 
vulnerability only applies to the advanced release (1.32.xx). The super stable 
release (1.16.xx), which we use in pkgsrc, should not be affected.

Kind regards,
Adam

Follow-Ups:
- Re: upgrading xmlrpc-c
  - From: D'Arcy J.M. Cain

References:
- upgrading xmlrpc-c
  - From: D'Arcy J.M. Cain
- Re: upgrading xmlrpc-c
  - From: Adam Ciarciński
- Re: upgrading xmlrpc-c
  - From: Tim Zingelman

Prev by Date: Re: pkg_add problem with nosuid on /var
Next by Date: Re: pkg_add problem with nosuid on /var
Previous by Thread: Re: upgrading xmlrpc-c
Next by Thread: Re: upgrading xmlrpc-c
Indexes:

Home | Main Index | Thread Index | Old Index