Hi Angel, On Thursday 24 February 2011 12:27:21 Angel Abad wrote: > 2011/2/24 Adam D. Barratt <firstname.lastname@example.org>: > > Hi, > > > > On Thu, February 24, 2011 10:16, Angel Abad wrote: > >> I've prepared an upload to stable for package dajaxice, since > >> python-django was patched for problems related with crsf cookies, > >> dajaxice is unusable in squeeze. > > > > Was this issue introduced as a side-effect of the changes in DSA-2163-1, > > specifically those marked as backwardly-incompatible? If so then it > > would be good if this could also be fixed via the security archive, as > > the regression was introduced in a security update (albeit in a > > different package); I've CCed the security team for comment. > > Yes, you are right is a side-effect of DSA-2163-1 - CVE-2011-0696 Please upload the package to security-master then. Note that you need to change the target in the changelog and build the package with full source (-sa flag). Full checklist of packages for security-master is here: http://www.debian.org/doc/developers-reference/pkgs.html#bug-security-building The security team will then take care of releasing it through security-master. Cheers, Thijs
Description: This is a digitally signed message part.