On Wednesday 20 August 2003 01:25, Patrick Lauer wrote:

> > The problem - indeed - is, that even their latest unstable release
> > (1.5.6a) doesn't fix the problem and I observe xmule sharply and am
> > waiting for a fixed release or at least a patch.
>
> I recommend masking _all_ versions at the moment and issuing a GLSA.
> Maybe I'm overreacting, but I do not wish to have my computer rooted
> :)

I did that, just didn't mention it in my email...if you re-sync you 
should get the new ebuilds + package.mask

> > I added an einfo about the security hole in all the xmule ebuilds
> > and I hope they release 1.4.4 or something soon (which will
> > immediatly be arch of course)
>
> That's good, but I don't think it's adequate since not everybody
> reinstalls xmule every day _and_ reads all einfo lines scrolling by.

that einfo is at pkg_postinst() so everbody should see it (at least if 
nothing else is merged immediatly afterwards ;)

-- 
Rainer Groesslinger
http://dev.gentoo.org/~scandium/