[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security Patch in netpanzer (question)



On Friday 09 June 2006 05:11, Hans de Goede wrote:
> Hugo Cisneiros wrote:
> > Hi,
> >
> > I'm trying to fix this bug in the netpanzer package:
> >
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
> >
> > It seems that the SVN version is ok, but I'm not a programmer to make a
> > patch only to fix this vulnerability. An option would be to create and
> > apply a patch to update the entire version to SVN instead of only the
> > vulnerability fix.
> >
> > What do you think? What is the current method?
> >
> > If applying the patch to update entirely to the svn version, I must
> > change the entire package's version or change only the release field in
> > the specfile?
>
> Why don't you ask upstream to make a new release with their fix for this
> and the fix I've attached to:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192983
> for CVE-2006-2575?
>
> That sounds like a good reason to make a new release to me?

I've applied your fix and it works very well, thanks! I'm trying to get the 
other fix first, then package both fixes as one release.

The maintainer isn't doing this package anymore. He is looking for new 
maintainers and have said that no more versions will be released from him (I 
already asked him too ;-)

>From the official home-page:
http://netpanzer.berlios.de

12. Nov 2005 
Looking for a new maintainer
The last months I was very busy with university and other open source projects 
I'm working on. So effectively netpanzer development has halted. I'm looking 
for someone to take over the netpanzer development. If you're interested 
write a mail to matze braunis de 

> Otherwise I would try to find the exact patch fixing this and
> backporting it, upgrading to a snapshot might cause all kinda problems
> including network protocol incompatibilities.

I'll try to do this... It will be much difficult because I'm not a programmer, 
but I'll try beggining now ;-) Thanks for your reply.

> Regards,
> Hans

-- 
[]'s
Eitch

http://www.devin.com.br/eitch/
"Talk is cheap. Show me the code." - Linus Torvalds


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]