Re: libarchive-tar-perl oldstable update for CVE-2007-4829

To: pkg-perl-maintainers@lists.alioth.debian.org, debian-release@lists.debian.org
Subject: Re: libarchive-tar-perl oldstable update for CVE-2007-4829
From: Luk Claes <luk@debian.org>
Date: Sun, 15 Mar 2009 12:22:37 +0100
Message-id: <49BCE4FD.6030006@debian.org>
In-reply-to: <20090314142256.GE20938@ngolde.de>
References: <20090310133336.GA11130@ngolde.de> <20090313223223.GA17595@localdomain> <20090314142256.GE20938@ngolde.de>

Nico Golde wrote:
> Hi,
> * Gunnar Wolf <gwolf@gwolf.org> [2009-03-13 23:47]:
> [...] 
>>> This is Debian bug #449544.
>>>
>>> Unfortunately the vulnerability described above is not important enough
>>> to get it fixed via regular security update in Debian oldstable. It does
>>> not warrant a DSA.
>>>
>>> However it would be nice if this could get fixed via a regular point update[1].
>>> Please contact the release team for this.
>> Nico brought this point to our (pkg-perl's) attention - After some
>> discussion in the pkg-perl IRC channel, we found that the intermediate
>> releases between the version shipped in Etch (1.30) and the one where
>> this bug was fixed (1.38) were all reliability-related [1], and appear
>> to be not too broad. So, even if we could just pick up the required
>> changeset to make a specific 1.30-2+etch1 upload, it would be better
>> just to upload 1.38 to Etch instead - Please tell us what to do.
> 
> Looking at the changelog it looks indeed like it would be a 
> good idea to ship 1.38. Would that be a problem for the 
> release team?

It depends on the diff.

Cheers

Luk

Reply to:

References:
- Re: libarchive-tar-perl oldstable update for CVE-2007-4829
  - From: Nico Golde <debian-release+ml@ngolde.de>

Prev by Date: Re: munin: unblock request for stable-proposed-updates
Next by Date: Re: please unblock reiser4progs/1.0.7-2
Previous by thread: Re: libarchive-tar-perl oldstable update for CVE-2007-4829
Next by thread: please unblock reiser4progs/1.0.7-2
Index(es):
- Date
- Thread