Debian Bug report logs - #464161
RM: dcc -- RoQA; unfixable security issues

Package: ftp.debian.org; Maintainer for ftp.debian.org is Debian FTP Master <ftpmaster@ftp-master.debian.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Tue, 5 Feb 2008 15:24:02 UTC

Severity: normal

Done: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, James Troup and others <ftpmaster@ftp-master.debian.org>:
Bug#464161; Package ftp.debian.org.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to James Troup and others <ftpmaster@ftp-master.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: RM: dcc -- RoQA; unfixable security issues
Date: Tue, 5 Feb 2008 16:21:59 +0100
Package: ftp.debian.org
Severity: normal

There is currently an unfixed security issue in dcc which 
can't be fixed by backporting patches and upstream does not
provide patches.
Please remove dcc. For more details see:
http://lists.debian.org/debian-release/2008/01/msg00172.html

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org, James Troup and others <ftpmaster@ftp-master.debian.org>:
Bug#464161; Package ftp.debian.org.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to James Troup and others <ftpmaster@ftp-master.debian.org>.

Message #10 received at 464161@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 464161@bugs.debian.org
Subject: Re: RM: dcc -- RoQA; unfixable security issues
Date: Wed, 6 Feb 2008 00:33:45 +0100
> Please remove dcc. For more details see:
> http://lists.debian.org/debian-release/2008/01/msg00172.html

Ack for the removal. Upstream told us that the outdated version in
Etch causes serious problems inside the DCC network and upgrading
to a new version is not an option since DCC turned non-free.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, James Troup and others <ftpmaster@ftp-master.debian.org>:
Bug#464161; Package ftp.debian.org.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to James Troup and others <ftpmaster@ftp-master.debian.org>.

Message #15 received at 464161@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 464161@bugs.debian.org
Cc: Debian Release <debian-release@lists.debian.org>
Subject: Re: Bug#464161: RM: dcc -- RoQA; unfixable security issues
Date: Wed, 06 Feb 2008 07:53:47 +0100
Moritz Muehlenhoff wrote:
>> Please remove dcc. For more details see:
>> http://lists.debian.org/debian-release/2008/01/msg00172.html
> 
> Ack for the removal. Upstream told us that the outdated version in
> Etch causes serious problems inside the DCC network and upgrading
> to a new version is not an option since DCC turned non-free.

So the version in Etch should also be removed?

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, James Troup and others <ftpmaster@ftp-master.debian.org>:
Bug#464161; Package ftp.debian.org.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to James Troup and others <ftpmaster@ftp-master.debian.org>.

Message #20 received at 464161@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Luk Claes <luk@debian.org>
Cc: 464161@bugs.debian.org, Debian Release <debian-release@lists.debian.org>
Subject: Re: Bug#464161: RM: dcc -- RoQA; unfixable security issues
Date: Wed, 6 Feb 2008 08:31:35 +0100
On Wed, Feb 06, 2008 at 07:53:47AM +0100, Luk Claes wrote:
> Moritz Muehlenhoff wrote:
> >> Please remove dcc. For more details see:
> >> http://lists.debian.org/debian-release/2008/01/msg00172.html
> > 
> > Ack for the removal. Upstream told us that the outdated version in
> > Etch causes serious problems inside the DCC network and upgrading
> > to a new version is not an option since DCC turned non-free.
> 
> So the version in Etch should also be removed?
                    ^^^^

I reckon you mean Sarge? If so, yes, it should be removed as well.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, James Troup and others <ftpmaster@ftp-master.debian.org>:
Bug#464161; Package ftp.debian.org.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to James Troup and others <ftpmaster@ftp-master.debian.org>.

Message #25 received at 464161@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 464161@bugs.debian.org, Debian Release <debian-release@lists.debian.org>
Subject: Re: Bug#464161: RM: dcc -- RoQA; unfixable security issues
Date: Wed, 06 Feb 2008 20:26:44 +0100
Moritz Muehlenhoff wrote:
> On Wed, Feb 06, 2008 at 07:53:47AM +0100, Luk Claes wrote:
>> Moritz Muehlenhoff wrote:
>>>> Please remove dcc. For more details see:
>>>> http://lists.debian.org/debian-release/2008/01/msg00172.html
>>> Ack for the removal. Upstream told us that the outdated version in
>>> Etch causes serious problems inside the DCC network and upgrading
>>> to a new version is not an option since DCC turned non-free.
>> So the version in Etch should also be removed?
>                     ^^^^
> 
> I reckon you mean Sarge? If so, yes, it should be removed as well.

I meant Etch as the current bug is according to the subject syntax for
removal bugs only relevant for sid...

http://wiki.debian.org/ftpmaster_Removals

Cheers

Luk




Reply sent to Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.

Message #30 received at 464161-close@bugs.debian.org:

From: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>
To: 464161-close@bugs.debian.org
Cc: dcc@packages.debian.org, dcc@packages.qa.debian.org
Subject: Bug#464161: fixed
Date: Thu, 07 Feb 2008 22:32:23 +0000
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

       dcc |   1.3.42-5 | source
dcc-common |   1.3.42-2 | m68k
dcc-common |   1.3.42-5 | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
dcc-milter |   1.3.42-2 | m68k
dcc-milter |   1.3.42-5 | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
dcc-server |   1.3.42-2 | m68k
dcc-server |   1.3.42-5 | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 464161@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Joerg Jaspert (the ftpmaster behind the curtain)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 07 Mar 2008 07:32:31 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 21:05:48 2014; Machine Name: beach.debian.org
