
Re: freeze exception: lynx-cur 2.8.8dev5-1



Hi,

On Thu, Aug 26, 2010 at 04:36:46PM +0900, Atsuhito Kohda wrote:
> It might be too late but could you please add a freeze 
> exception for the package lynx-cur 2.8.8dev5-1?
> 
> It will fix a security bug: 
> CVE-2010-2810: Heap-based buffer overflow
> 
> Thanks for your great work.

* You don't need to close bugs you forgot to close earlier in the changelog.
  This even messes up version tracking, as the bug will be marked as closed in
  the wrong version. 
* "A fix for #592078 with patch-3 is not necessary so removed it."
  You did not remove the patch but commented it out from series.  This is a
  pain, if you review patch files and then notice that it has actually been
  added commented out.
* The truncation of strlen from size_t to int on strlen in src/GridText.c
  looks bogus to me.  Why is that valid?  How does it help?

Kind regards,
Philipp Kern
