
v86d 0.1.10 for Squeeze?



Dear RT,

On 03/23/2011 04:48 PM, Moritz Muehlenhoff wrote:
> Package: v86d
> Severity: grave
> Tags: security
> 
> Please see http://seclists.org/oss-sec/2011/q1/315 for details
> and a link to the patch.
> 
> Could you fix this in a point update?

v86d has an open security issue in oldstable, stable, testing and
unstable (CVE-2011-1070 / Bug#619404).

For testing/unstable, the fix is just to upload the new upstream release.

For stable I could add the patch [1] and ask you to approve that package
into 6.0.2. However we also could push 0.1.10 in there, because the
current 0.1.9-1 in Squeeze already has two patches from upstream Git and
going to 0.1.10 would only add two more minor ones ([2] and [3]) with
[3] being even unused in the final binary.
Do you have an opinion on this? Having 0.1.10 in there would mean fewer
patch updates in the future if they would be needed.

For oldstable cherry-picking [1] should be fine.

Regards
Evgeni

[1]
http://repo.or.cz/w/v86d.git/commitdiff/f9abfd412639286c3143e93e8ba2c9598dfba640
[2]
http://repo.or.cz/w/v86d.git/commitdiff/982d5ea17847d1e27bb650d9a3205a368b197131
[3]
http://repo.or.cz/w/v86d.git/commitdiff/e3bde5d9d4e433c4f8ccd2c7020d36e66712a835

