Re: [SRM] stable/oldstable uploads for vftool CVE-2011-0433
On Mon, 4 Jul 2011 22:45:29 +0100, Jonathan Wiltshire wrote:
On Mon, Jul 04, 2011 at 09:40:44PM +0100, Adam D. Barratt wrote:
> Stable is easy: the same version is present, so the patch is just
> as for unstable.
Thanks for this. I assume the stable upload would be 2.0alpha-4
+squeeze1 or similar? (Or 2.0alpha-4.1~squeeze1 would work, I
> In oldstable, you have a choice of whether to include the changes
in -4 or
> not. They fix a FTBFS (which I could not reproduce in a lenny
> are not strictly necessary to fix the CVE. I will prepare uploads
> according to your preference.
The FTBFS would only occur if the lenny version were built with
_GNU_SOURCE defined (which it obviously wasn't, given that it built
start with); only later versions of (e)glibc unconditionally define
getline(). On that basis, please only include the security-related
changes for oldstable.
Thanks; uploaded as 2.0alpha-4+squeeze1 and 2.0alpha-3+lenny1.
I've marked both for acceptance at the next dinstall; thanks.