Debian Bug report logs - #334743
RM: goldedplus -- RoQA; orphaned, several vulnerabilities, license unclear

Package: ftp.debian.org; Maintainer for ftp.debian.org is Debian FTP Master <ftpmaster@ftp-master.debian.org>;

Reported by: Peter Karlsson <peterk@debian.org>

Date: Wed, 19 Oct 2005 16:19:21 UTC

Severity: important

Done: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#334743; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Peter Karlsson <peterk@debian.org>:
New Bug report received and forwarded. Copy sent to <wnpp@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Peter Karlsson <peterk@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: O: goldedplus -- Offline mail reader for Fidonet and Usenet
Date: Wed, 19 Oct 2005 17:07:58 +0100
Package: wnpp
Severity: normal

I intend to orphan the goldedplus package. The release cycle is slow, last
proper release was 1.1.4.7 back in 2000. 1.1.5 cvs snapshots have been
released every once in a while since then.

The package description is:
 GoldED+ is an offline mail reader for Fidonet message bases in
 AdeptXBBS, EzyCOM, Fido (*.MSG), Goldbase, Hudson, JAM, PCBoard,
 Synchronet, Squish and WildCat. It is also able to import QWK
 (BBS offline mail format) and SOUP (Usenet offline mail format)
 packages into said message bases, and re-export packages for
 upload.
 .
 GoldED+ is a successor of the well-known GoldED mail editor.



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#334743; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Matej Vela <vela@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. Full text and rfc822 format available.

Message #10 received at 334743@bugs.debian.org (full text, mbox):

From: Matej Vela <vela@debian.org>
To: 334743@bugs.debian.org
Cc: control@bugs.debian.org, debian-qa@lists.debian.org
Subject: RM: goldedplus -- RoQA; orphaned, several vulnerabilities, license unclear
Date: Thu, 23 Mar 2006 13:54:16 +0100
retitle 334743 RM: goldedplus -- RoQA; orphaned, several vulnerabilities, license unclear
reassign 334743 ftp.debian.org
thanks

Please remove goldedplus.

  * Orphaned for 5 months.
  * Includes a heavily modified copy of uulib 0.5.15 vulnerable to
    CVE-2004-0333 (buffer overflows) and CVE-2004-2265 (insecure
    temporary files).
  * Includes code from a non-free abandonware library.  Quoting the
    copyright file: "Parts of the Goldware Library is derived from the
    source of the old Shareware CXL 5.2 library by Mike Smedley, from
    which I bought a source license many years ago. [...] much code is
    essentially unchanged [...] I even tried to find Mike Smedley, but
    apparently he has vanished off the face of the earth [...]"
  * popcon: 13 installations, 4 votes.

Thanks,

Matej



Changed Bug title. Request was from Matej Vela <vela@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `wnpp' to `ftp.debian.org'. Request was from Matej Vela <vela@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Blocking bugs added: 334743 Request was from Matej Vela <vela@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `important'. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Peter Karlsson <peterk@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #23 received at 334743-close@bugs.debian.org (full text, mbox):

From: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>
To: 334743-close@bugs.debian.org
Cc: goldedplus@packages.debian.org, goldedplus@packages.qa.debian.org
Subject: Bug#334743: fixed
Date: Sun, 26 Mar 2006 05:46:16 -0800
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

goldedplus | 1.1.4.7+1.1.5.20051016-3 | source, alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 334743@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Joerg Jaspert (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 04:28:00 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 07:31:05 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.