[CCing to debian-release since I request an update.]
Hi,
I uploaded the new upstream of Elog a few days ago (this is a sponsored
package). I've just noticed a possible security flaw which affects both
versions in testing (2.5.7+r1558) and unstable (2.5.8+r1637), as can be
seen in the following CVS log of r1.638:
http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
Since the fix[1] is so trivial to backport, I can easily prepare a new
package for just the version in testing. But while I'm at it, I think
packaging the new upstream would be more appropriate as the new upstream
has major enhancements over the one in testing. Could you make a
suggestion? Should I follow the usual procedure, i.e. first submitting
a new bug with 'critical' severity, and then closing it with a 'high'
urgency upload?
Regards,
[1] http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.645;r2=1.646;f=h
--
roktas