Re: Request zabbix backport
On 02/10/2012 08:52 PM, TheLinuxFr wrote:
> zabbix <http://packages.debian.org/src:zabbix> (1:1.8.10-1) unstable;
> urgency=low
>
> * New upstream release (resolves security bug
> CVE-2011-5027 <http://security-tracker.debian.org/tracker/CVE-2011-5027> mentioned in #652664).
> * Fixed typo in synopsis (closes: #652723 <http://bugs.debian.org/652723>)
> * Updated pt_BR.po template (closes: #652880 <http://bugs.debian.org/652880>)
> * Updated pt.po template (closes: #652923 <http://bugs.debian.org/652923>)
> * Updated ru.po template (closes: #653210 <http://bugs.debian.org/653210>)
> * Fixed FTBFS (closes: #655488 <http://bugs.debian.org/655488>)
> * Checking more thoroughly for an installed Apache in
> zabbix-frontend-php.postinst to make sure the script does not fail if
> other 'httpd' than Apache are installed (closes: #647458 <http://bugs.debian.org/647458>)
> * Fixed XSS security issue (closes: #657193 <http://bugs.debian.org/657193>)
> * Fixed XSS security issue (closes: #652664 <http://bugs.debian.org/652664>)
> * Enabled hardened build flags (closes: #656774 <http://bugs.debian.org/656774>)
Hi,
I see absolutely nothing in the above changelog that would deserve a
backport (eg: no new features). I see only bug fixes, which should also
be fixed in Debian Stable ASAP (security fixes), or other bug fixes that
would be good candidates for proposed-updates (typo in synopsis,
#647458, etc.). Backports isn't the security updates repository...
So if there's still *other* differences between 1.8.2-1squeeze2 and
1.8.10-1 that deserves a backport, please list them.
Thomas Goirand (zigo)
Reply to: