[CCing to debian-release since I request an update.] Hi, I uploaded the new upstream of Elog a few days ago (this is a sponsored package). I've just noticed a possible security flaw which affects both versions in testing (2.5.7+r1558) and unstable (2.5.8+r1637), as can be seen in the following CVS log of r1.638: http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c Since the fix[1] is so trivial to backport, I can easily prepare a new package for just the version in testing. But while I'm on it, I think packaging the new upstream would be more appropriate as the new upstream has major enhancements over the one in testing. Could you make a suggestion? Should I follow the usual procedure, i.e. first submitting a new bug in 'critical' severity, and then close it by a 'high' urgency upload? Regards, [1] http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.645;r2=1.646;f=h -- roktas
Attachment:
signature.asc
Description: Digital signature