[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Stable update of dajaxice

Hi Angel,

On Thursday 24 February 2011 12:27:21 Angel Abad wrote:
> 2011/2/24 Adam D. Barratt <adam@adam-barratt.org.uk>:
> > Hi,
> > 
> > On Thu, February 24, 2011 10:16, Angel Abad wrote:
> >> I've prepared an upload to stable for package dajaxice, since
> >> python-django was patched for problems related with crsf cookies,
> >> dajaxice is unusable in squeeze.
> > 
> > Was this issue introduced as a side-effect of the changes in DSA-2163-1,
> > specifically those marked as backwardly-incompatible?  If so then it
> > would be good if this could also be fixed via the security archive, as
> > the regression was introduced in a security update (albeit in a
> > different package); I've CCed the security team for comment.
> Yes, you are right is a side-effect of DSA-2163-1 - CVE-2011-0696

Please upload the package to security-master then. Note that you need to 
change the target in the changelog and build the package with full source (-sa 
flag). Full checklist of packages for security-master is here:

The security team will then take care of releasing it through security-master.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: