Testing has samba 3.4.8. We recently asked for pre-approval for 3.5.4 for squeeze. The RT suggestion was to upload it to unstable and after a few weeks to prod them again for a possible freeze exception. In the meantime, yesterday (Sept 14th) upstream released a security update (3.3.14, 3.4.9, 3.5.5) for a buffer overrun vulnerability. This update happened without prior private warning, so we have to react as quickly as possible, without preparation. Yesterday, I prepared an update for stable (3.2 is also vulnerable) and the security team is aware of it. I also prepared a 3.5.5 upload and will probably upload it to unstable today. My concern is testing (and backports.org). As the choice between 3.4 and 3.5 hasn't been made yet, we're not 100% sure that squeeze will have 3.5 and, anyway, during the few weeks of 3.5 "maturation" in unstable....testing and backports users are left without update. So, having 3.4.9 in testing sems needed. Should I upload it through t-p-u? If that's done, I will also upload a fixed 3.4.9 version to backports --
Attachment:
signature.asc
Description: Digital signature