From: Rainer Groesslinger
To: gentoo-dev@gentoo.org
Date: Wed, 20 Aug 2003 01:32:47 +0200
Subject: Re: [gentoo-dev] Security Problems: xmule, lmule
Message-Id: <200308200132.48140.scandium@gentoo.org>
In-Reply-To: <1061335558.14357.7.camel@localhost>

On Wednesday 20 August 2003 01:25, Patrick Lauer wrote:
> > The problem - indeed - is, that even their latest unstable release
> > (1.5.6a) doesn't fix the problem and I observe xmule sharply and am
> > waiting for a fixed release or at least a patch.
>
> I recommend masking _all_ versions at the moment and issuing a GLSA.
> Maybe I'm overreacting, but I do not wish to have my computer rooted
> :)

I did that, just didn't mention it in my email...if you re-sync you
should get the new ebuilds + package.mask

> > I added an einfo about the security hole in all the xmule ebuilds
> > and I hope they release 1.4.4 or something soon (which will
> > immediately be arch of course)
>
> That's good, but I don't think it's adequate since not everybody
> reinstalls xmule every day _and_ reads all einfo lines scrolling by.

That einfo is at pkg_postinst() so everybody should see it (at least if
nothing else is merged immediately afterwards ;)

-- 
Rainer Groesslinger
http://dev.gentoo.org/~scandium/