[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#599255: unblock: zabbix/1.8.3-2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 07.10.2010 20:22, schrieb Mehdi Dogguy:
> [ CC'ing Christoph Haas since he's the uploader ]
> 
> On 06/10/2010 09:57, Jordi Mallach wrote:
>> Package: release.debian.org Severity: normal User: 
>> release.debian.org@packages.debian.org Usertags: freeze-exception
>>
>> Please unblock package zabbix
>>
>> Zabbix 1.8.3 includes a security fix (CVE-2010-2790) plus a series of 
>> important packaging fixes.
>>
> 
> The diff is quite large. I don't think it's reasonable to unblocking it at
> this stage of the freeze.
> 
> 	 643 files changed, 57774 insertions(+), 93146 deletions(-)
> 
> Most of the changes are packaging related. Concerning the security bug, it
> seems possible to extract a fix. Looking at the diff (file attached) for
> frontends/php/include/classes/class.curl.php, it seems pretty easy to
> provide a simple fix. Why didn't you try to do that instead of introducing
> this new upstream release?

Bad timing. I really had hoped to have 1.8.3 ready before Squeeze got
frozen because refactoring the Debian packages was desperately
necessary. Okay, I'm talking to the upstream about a minimal patch to
fix this very issue.

 Christoph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyxqJkACgkQCV53xXnMZYbIugCfS9sLp2W0hNabH1StAAi381Ce
YrMAoLIwbg4xZFsbIGbLUaXUYzmqkJ5f
=HI+F
-----END PGP SIGNATURE-----
Reply to: