[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#642579: opu: package openssl/0.9.8g-15+lenny12

retitle 642579 opu: package openssl/0.9.8g-15+lenny13
clone 642579 -1
user release.debian.org@packages.debian.org
usertag -1 -opu
usertag -1 +pu
retitle -1 pu: package openssl/0.9.8o-4squeeze3
tag -1 + squeeze
tag 642579 + lenny

On Fri, 2011-09-23 at 23:29 -0500, Raphael Geissert wrote:
> If possible, I'd like to make an update to openssl to fix CVE-2011-3207

-3210, as per your second mail.

> in lenny (and squeeze.)

Let's make this two bugs then.

> I don't have the final debdiff as of this time, but the 
> only change is upstream's fix [1]

That looks sane enough.  Given that it appears to have been resolved in
the same upstream release as -3207 and -1945, it would have been nice if
it could have been included in -4squeeze2 and -15+lenny12, which
resolved the latter.  Ah well.

> Will send the debdiff tomorrow morning on my TZ, but I wanted to give a heads 
> up because of the point release freeze deadline.
> Please let me know if it's still feasible. It ain't an urgent issue anyway.

It's certainly feasible for squeeze.  Lenny should be doable, assuming
the upload doesn't get delayed.



Reply to: