Re: perl update for squeeze
On Mon, Dec 19, 2011 at 11:19:03PM +0000, Adam D. Barratt wrote:
> On Mon, 2011-12-19 at 22:51 +0000, Dominic Hargreaves wrote:
> > On Mon, Dec 19, 2011 at 12:58:35PM +0000, Adam D. Barratt wrote:
> > > On 19.12.2011 11:30, Dominic Hargreaves wrote:
> > > >The security team has asked that we fix a couple of no-dsa issues in
> > > >the next squeeze point release. This bug
> > > >(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604902) was also
> > > >queued for a point release update.
> > > The patch looks like it would be okay; thanks. However, in order to
> > > approve the upload for a point release, we'd need to see full
> > > debdiffs for the proposed package which would be uploaded.
> > Current debdiff (without finalised changelog) attached.
> Thanks. Overall the diff looks fine, although the first two of these:
> + * [SECURITY] CVE-2011-2939: Fix decode_xs n-byte heap-overflow security
> + bug in Unicode.xs (Closes: #637376)
> + * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new();
> + thanks to Ansgar Burchardt for the notification (Closes: #644108)
> + * Unregister signal handler before destroying my_perl; fixes segfault
> + (Closes: #604902)
> appear to no longer be marked as fixed in testing and unstable. I'm
> guessing this is purely an artefact of the archive + re-open but it
> would be good if the BTS versioning could be fixed up to accurately
> reflect the state of the bugs.
Will upload to s-p-u soon.
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)