Re: v86d 0.1.10 for Squeeze?
[Apologies for not having picked this up again earlier]
On Mon, 2011-04-25 at 16:54 +0100, Adam D. Barratt wrote:
> On Sun, 2011-04-03 at 17:14 +0200, Evgeni Golov wrote:
> > v86d has an open security issue in oldstable, stable, testing and
> > unstable (CVE-2011-1070 / Bug#619404).
> >
> > For testing/unstable, the fix is just to upload the new upstream release.
>
> So far as I can see, that didn't happen yet? Having the issue fixed in
> unstable at least is generally a prerequisite for fixing it in stable.
This now happened, and the package has been in testing for a while.
> > For stable I could add the patch [1] and ask you to approve that package
> > into 6.0.2. However we also could push 0.1.10 in there, because the
> > current 0.1.9-1 in Squeeze already has two patches from upstream Git and
> > going to 0.1.10 would only add two more minor ones ([2] and [3]) with
> > [3] being even unused in the final binary.
>
> This may be an option, but I'd like to see a final debdiff between the
> 0.1.10 package that gets uploaded to unstable and the current squeeze
> package before we make a final decision.
Any chance of debdiffs for stable and oldstable so we can look at
possibly getting this resolved in the next point release? (For which
the NEW queue will be frozen during the weekend of October 1st).
Regards,
Adam
Reply to: