On 09:23 Thu 16 Dec , Mehdi Dogguy wrote: MD> On 12/16/2010 06:54 AM, Dmitry E. Oboukhov wrote: >> MM>>> Dmitry, this is still unfixed in Squeeze. Please take care of an MM>>> update ASAP. >> >> centerim contained ancient version of the library (all its >> libraries), so the patch wouldn't so easy as Mehdi said. And I don't >> know what to do: to create new big patch? It would have a little >> difference with centerim 4.22.10 and release team wouldn't unblock >> the package again. to exclude the package from squeeze? I don't know. >> :( MD> Did you have a look at libjabber/xmltok_impl_c.h in testing's version MD> and compared it to unstable's version? yes, but centerim upstream uses ancient libraries, so they patch them by hand if the security-bug is found. so usually modern version of these libraries don't fit for current centerim. At Mar 2011 they are going to release new centerim (5.0): it will have no libraries inside, so they (and I) don't want to reorder current situation :) -- ... mpd playing: U.D.O. - The Key . ''`. Dmitry E. Oboukhov : :’ : email: unera@debian.org jabber://UNera@uvw.ru `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Attachment:
signature.asc
Description: Digital signature