squeeze update of dpkg?
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of dpkg:
I had a quick look. The squeeze version of dpkg has a much more lax
parser, so the issue might not apply directly... but there might be
other related problems due to the fact that it will see a signature
where gpg would not see one. There a few details available about
CVE-2015-0840 so I'm not sure.
I see Ubuntu has pushed an update which basically brings the
Dpkg::Control::Hash in sync with what we have in wheezy:
Would you like to take care of this yourself? We are still understaffed so
any help is always highly appreciated.
If yes, please follow the workflow we have defined here:
If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to email@example.com
(via a debdiff, or with an URL pointing to the the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.
If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/