Re: oldstable: mt-daapd update addressing #555231

To: Julien BLACHE <jblache@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: oldstable: mt-daapd update addressing #555231
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 11 Nov 2009 21:32:14 +0000
Message-id: <[🔎] 1257975134.3321.2090.camel@kaa.jungle.aubergine.my-net-space.net>
In-reply-to: <[🔎] 87pr7pxtzc.fsf@sonic.technologeek.org>
References: <[🔎] 87pr7pxtzc.fsf@sonic.technologeek.org>

Hi,

On Wed, 2009-11-11 at 10:59 +0100, Julien BLACHE wrote:
> I've prepared an update of mt-daapd for oldstable, addressing #555231
> (two CVEs in prototype.js). Changelog:
> 
>  mt-daapd (0.2.4+r1376-1.1+etch3) oldstable; urgency=low
>  .
>    * debian/rules, debian/prototype-1.6.1.js:
>      + Ship an updated copy of the prototype library, fixing a number
>        of issues including CVE-2007-2383 and CVE-2008-7720 (closes: #555231).

How big is the diff from prototype 1.4.0 (as used in the current
package) to 1.6.1?  The bug report mentions that patches fixing the two
CVEs are available, although I wasn't entirely clear as to whether they
apply to 1.4.0 or not.

The bug log also mentions that you were planning to upload a fixed
package to oldstable-security; is that no longer the case?

Regards,

Adam

Reply to:

Follow-Ups:
- Re: oldstable: mt-daapd update addressing #555231
  - From: Julien BLACHE <jblache@debian.org>
- Re: oldstable: mt-daapd update addressing #555231
  - From: Julien BLACHE <jblache@debian.org>

References:
- oldstable: mt-daapd update addressing #555231
  - From: Julien BLACHE <jblache@debian.org>

Prev by Date: Bug#555804: pu, opu: package fam/2.7.0-13.3, fam/2.7.0.12
Next by Date: Re: oldstable: mt-daapd update addressing #555231
Previous by thread: oldstable: mt-daapd update addressing #555231
Next by thread: Re: oldstable: mt-daapd update addressing #555231
Index(es):
- Date
- Thread