Re: [SRM] Stable update for libpcap
On Sun, 2011-07-10 at 19:57 +0200, Romain Francoise wrote:
> I'd like to upload the following update for libpcap in squeeze, it
> addresses two bugs:
Thanks for working on this, and sorry for the slight delay in getting
back to you.
> - #612803: device detection is broken if the bonding module is loaded
> because it creates an extra file in /sys/class/net, the upstream fix is
> used verbatim.
I debated this one given the low severity of the bug and that it only
appears to cause issues under a small set of circumstances. However,
the patch is small and obvious enough and I'd be happy to accept it in
an upload fixing the security issue.
> - #623868 (aka CVE-2011-1935): a security issue that was not serious
> enough to warrant a DSA. The patch is the result of several upstream
> commits that were backported to libpcap 1.1.1.
So far as I can see from the diff and reading the log for #623868, this
also includes changes related to #625443; is that correct? The bug log
there mentions that the problem only occurs with libpcap 1.1.1-4,
whereas squeeze has 1.1.1-2 - is the log incorrect, or does #625443 not
actually affect stable?