[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xerces-c2-2.8.0-3+lenny1: permission to upload to stable

On Sat, 2010-02-06 at 22:15 -0500, Jay Berkenbilt wrote:
> The current xerces-c2 package, 2.8.0+deb1-2, contains a patch supplied
> by upstream to address CVE-2009-1885.  The security team has deemed that
> this is not important enough for a DSA, and I agree.  From Giuseppe
> Iuculano:
[...]
> As it happens, the patch from 2.8.0+deb1-2 applies perfectly to the
> version in stable, so preparing an update to stable is trivial.  With
> the permission of the release team, I will prepare the upload.  I'm not
> sure what the best way to do this is.  I can either prepare an upload to
> stable or I can supply a patch that can be applied to the version of the
> package in stable.  I don't presently have a stable chroot to build in,
> though I can obviously make one to prepare the package if it would help.

Please prepare an update (built against stable, either on a stable
system or in a chroot), and send a debdiff against the current stable
package to debian-release for upload approval.

Regards,

Adam
Reply to: