Debian Bug report logs -
#334743
RM: goldedplus -- RoQA; orphaned, several vulnerabilities, license unclear
Reported by: Peter Karlsson <peterk@debian.org>
Date: Wed, 19 Oct 2005 16:19:21 UTC
Severity: important
Done: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#334743; Package wnpp.
(full text, mbox, link).
Acknowledgement sent to Peter Karlsson <peterk@debian.org>:
New Bug report received and forwarded. Copy sent to <wnpp@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wnpp
Severity: normal
I intend to orphan the goldedplus package. The release cycle is slow, last
proper release was 1.1.4.7 back in 2000. 1.1.5 cvs snapshots have been
released every once in a while since then.
The package description is:
GoldED+ is an offline mail reader for Fidonet message bases in
AdeptXBBS, EzyCOM, Fido (*.MSG), Goldbase, Hudson, JAM, PCBoard,
Synchronet, Squish and WildCat. It is also able to import QWK
(BBS offline mail format) and SOUP (Usenet offline mail format)
packages into said message bases, and re-export packages for
upload.
.
GoldED+ is a successor of the well-known GoldED mail editor.
Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#334743; Package wnpp.
(full text, mbox, link).
Acknowledgement sent to Matej Vela <vela@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>.
(full text, mbox, link).
Message #10 received at 334743@bugs.debian.org (full text, mbox, reply):
retitle 334743 RM: goldedplus -- RoQA; orphaned, several vulnerabilities, license unclear
reassign 334743 ftp.debian.org
thanks
Please remove goldedplus.
* Orphaned for 5 months.
* Includes a heavily modified copy of uulib 0.5.15 vulnerable to
CVE-2004-0333 (buffer overflows) and CVE-2004-2265 (insecure
temporary files).
* Includes code from a non-free abandonware library. Quoting the
copyright file: "Parts of the Goldware Library is derived from the
source of the old Shareware CXL 5.2 library by Mike Smedley, from
which I bought a source license many years ago. [...] much code is
essentially unchanged [...] I even tried to find Mike Smedley, but
apparently he has vanished off the face of the earth [...]"
* popcon: 13 installations, 4 votes.
Thanks,
Matej
Changed Bug title.
Request was from Matej Vela <vela@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Blocking bugs added: 334743
Request was from Matej Vela <vela@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Severity set to `important'.
Request was from Justin Pryzby <justinpryzby@users.sourceforge.net>
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Peter Karlsson <peterk@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #23 received at 334743-close@bugs.debian.org (full text, mbox, reply):
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:
goldedplus | 1.1.4.7+1.1.5.20051016-3 | source, alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc
Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it). Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.
Packages are never removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.
Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System. Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 334743@bugs.debian.org.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.
Debian distribution maintenance software
pp.
Joerg Jaspert (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 18 Jun 2007 04:28:00 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Apr 15 22:47:14 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.