Bug#599255: unblock: zabbix/1.8.3-2
-----BEGIN PGP SIGNED MESSAGE-----
Am 07.10.2010 20:22, schrieb Mehdi Dogguy:
> [ CC'ing Christoph Haas since he's the uploader ]
> On 06/10/2010 09:57, Jordi Mallach wrote:
>> Package: release.debian.org Severity: normal User:
>> firstname.lastname@example.org Usertags: freeze-exception
>> Please unblock package zabbix
>> Zabbix 1.8.3 includes a security fix (CVE-2010-2790) plus a series of
>> important packaging fixes.
> The diff is quite large. I don't think it's reasonable to unblocking it at
> this stage of the freeze.
> 643 files changed, 57774 insertions(+), 93146 deletions(-)
> Most of the changes are packaging related. Concerning the security bug, it
> seems possible to extract a fix. Looking at the diff (file attached) for
> frontends/php/include/classes/class.curl.php, it seems pretty easy to
> provide a simple fix. Why didn't you try to do that instead of introducing
> this new upstream release?
Bad timing. I really had hoped to have 1.8.3 ready before Squeeze got
frozen because refactoring the Debian packages was desperately
necessary. Okay, I'm talking to the upstream about a minimal patch to
fix this very issue.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----