check the link - msyslog package needs to be updated to 1.09d (it's 1.09a which (probably because of security) isn't even in the files list anymore). Reproducible: Always Steps to Reproduce: 1. 2. 3.
Testing new Bugzilla flags; please ignore the spam...
Bugzilla flags: everything seems to work. Sorry for the spam.
aliz -- you were the last person to do any non-keywording work on this ebuild. Can you bump the ebuild in portage?
Not ready for GLSA yet, ebuild must be bumped before. Setting component back to Security. -K
Still needing a version bump to 1.09d. I did not find metadata to name a herd for this one, so it's still yours, aliz :) -K
Quote from sourceforge site. "There are buffer overflows on prior versions, update ASAP. This vuln was reported & fixed by jkohen@ Advisory from CoreST coming." Not a quick bump ;/ .ebuild needs a rewrite.
If we can't find someone to maintain it, we should probably mask this one ? -K
No vulnerable versions should be in portage IMHO - or perhaps a "security mask" should be invented (if one is not forthcoming with the new GLSA integration) - so people with legitimate reasons to install vulnerable software can still install it - but people running ~x86 don't just get it (and think it's masked for the usual reasons - such as unstable ebuild etc.). I switched to syslog-ng - its sooo much better :)
no maintainer for this package. masking for now.
Status/severity update for masked ebuild
klieber and I discussed this briefly on IRC, and decided that this should be completely removed from Portage. It's been masked for a while, nobody has complained, and we can't find a maintainer for it. Once this is done we can close the bug.
removed from portage. closing bug.
