I've looked through the upstream repository for the patches that fix he recently announced issues. Quite a few of them turned out not to apply to squeeze, or the newer stable releases, and I've updated the security tracker accordingly. I backported the remaining fixes as best I can, and uploaded the source package to: https://people.debian.org/~benh/packages/squeeze-lts/ Would you be willing to review this package? I noticed that you entirely reverted the upstream patch that was supposed to fix CVE-2015-7704 and -7705, and then applied a different fix for -7704. I think this means -7705 isn't fixed in sid, though the security tracker currently says it is. Who's right? Ben. -- Ben Hutchings Beware of bugs in the above code; I have only proved it correct, not tried it. - Donald Knuth
Attachment:
signature.asc
Description: This is a digitally signed message part