[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RFH: qt-x11-free


 I am request help for building qt-x11-free on ARM as well, so finally
it would enter Sarge. My strongest opinion for requesting it is not that
it stalls a lot of package[1], but _it has two security fix that Sarge
does not have_ at the moment. See the changelog[2] for 3:3.3.3-4:
qt-x11-free (3:3.3.3-4) unstable; urgency=high

  * ML: Applied patch from Marcus Meissner to fix broken XPM DoS not yet 
        fixed upstream [src/kernel/qimage.cpp, CAN-2004-0692]
  * ML: Applied patch forwarded by Marcus Meissner to fix broken GIF DoS
        unfixed upstream [src/kernel/qasyncimageio.cpp, CAN-2004-0693]
  * ML: urgency=high to get security fixes into sarge as quick as possible

 -- Martin Loschwitz <madkiss@debian.org>  Sun, 22 Aug 2004 11:48:00 +0200

Sarge has an extra version uploaded, but that's only this fix:
qt-x11-free (3:3.2.3-4) unstable; urgency=medium

  * ML: Bumped shlibs to reflect changes in Qt 3.2.3-3 (Closes: #255539)
  * ML: Urgency is medium as nothing directly related to the libraries
    has changed.

 -- Martin Loschwitz <madkiss@debian.org>  Thu, 01 Jul 2004 18:53:00 +0200

As James Troup operates the ARM buildds and his laptop is stolen[3] I
would appreciate if:
- someone can hint qt-x11-free to enter Sarge without the ARM binary, or
- can make the ARM build happen, it seems it is in the build queue of
  buildd_arm-netwinder, but as I see it's near end of the list, and I
  have seen this two days ago as well.

Side notes: qt-x11-free was built on m68k meanwhile, but it is not yet
installed. Also, the security bug is filed in the BTS[5]; it seems it's
about one more CAN ([CAN-2004-0691]).

[1] http://bjorn.haxx.se/debian/testing.pl?staller=qt-x11-free
[2] http://packages.debian.org/changelogs/pool/main/q/qt-x11-free/qt-x11-free_3.3.3-4/changelog
[3] http://lists.debian.org/debian-devel/2004/08/msg01349.html
[4] http://www.buildd.net/buildd/arm_Building.html
[5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267092

Reply to: