Re: Bug#698174: perl: double-free in load subroutine for Digest::SHA
Hi Niko, hi Dominic
(dropping release team list, adding debian-perl)
On Wed, Jan 23, 2013 at 08:51:08AM +0200, Niko Tyni wrote:
> On Tue, Jan 22, 2013 at 11:59:17PM +0000, Dominic Hargreaves wrote:
> > Having this fix only
> > in one of the two places Digest::SHA appears in wheezy is probably
> > a Bad Thing, so maybe we should upload a fix for wheezy/perl after all.
> Yes, I think we should (FWIW). Along with that, I suppose we need to update
> Breaks: libdigest-sha-perl (<< 5.61)
> in the perl package to read
> Breaks: libdigest-sha-perl (<< 5.71-2)
> so that any buggy versions of the libdigest-sha-perl package
> can't override the fixed version in the perl package.
> While at it, I think the fix for #698320 (signed/unsigned wraparound
> on 32-bit platforms) could/should go in too. Release team, would that
> be OK with you?
I wonder: Is there anything we (pkg-perl team) should keep in mind
when trying to fix these issues affecting dual-lifed modules? In
particular here, as libdigest-sha-perl got an unblock because it
satisfied it right straightforward.
It's surely not my intention to make your work harder in any case.
Thanks for your work on the perl package!