[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: oldstable: mt-daapd update addressing #555231

"Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:

Hi,

> How big is the diff from prototype 1.4.0 (as used in the current
> package) to 1.6.1?  The bug report mentions that patches fixing the two

Don't know, I haven't even looked. There were other issues before those
two I believe, and they never got fixed. I know that the web interface
works just fine with 1.6.1 so upgrading to 1.6.1 is not an issue.

> CVEs are available, although I wasn't entirely clear as to whether they
> apply to 1.4.0 or not.

My bet is they don't; 1.4.0 is pretty ancient now.

> The bug log also mentions that you were planning to upload a fixed
> package to oldstable-security; is that no longer the case?

Re-reading the report, it doesn't actually ask for a security upload. I
have no preference for security vs. opu, although I don't think this
issue is worth a security upload given mt-daapd is not a web app, which
reduces the scope of the vulnerabilities considerably IMO.

JB.

-- 
 Julien BLACHE <jblache@debian.org>  |  Debian, because code matters more 
 Debian & GNU/Linux Developer        |       <http://www.debian.org>
 Public key available on <http://www.jblache.org> - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169
Reply to: