linuxdcpp-team team mailing list archive

Thread
Date

Re: [Question #132380]: Official DC++ has important security release-what about us?

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: Steven Sheehy <question132380@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 05 Nov 2010 04:15:43 -0000
Reply-to: question132380@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Question #132380 on LinuxDC++ changed:
https://answers.launchpad.net/linuxdcpp/+question/132380

    Status: Open => Answered

Steven Sheehy proposed the following answer:
Not sure why you say official DC++ but then link to ApexDC++... but
anyway, looks like it does affect DC++ as well. I don't really consider
this a "critical security" vulnerability, clients should know that hub
lists are third parties and are not to be trusted. The worst it can do
is send you to some useless hub and spam you, as far as I can tell. Even
the official DC++ has not made a release with the updated code even
though they've had it fixed since 9/30 in bazaar, so it couldn't be that
critical.

Either way, our trunk is not in a state to make a release at the moment
and we unfortunately didn't branch 1.0.3 before the changes. 1.1.0 will
be worth the wait, though.

-- 
You received this question notification because you are a member of
LinuxDC++ Team, which is an answer contact for LinuxDC++.