
Bug#652107: pu: package libpar-packer-perl/1.006-1 and libpar-perl/1.000-1



tag 652107 + squeeze moreinfo
thanks

On Wed, 2011-12-14 at 22:12 +0100, Salvatore Bonaccorso wrote:
> libpar-packer-perl 1.006-1 and libpar-perl 1.000-1 in Squeeze are
> affected by CVE-2011-4114: "PAR packed files are extracted to unsafe
> and predictable temporary directories.".
[...]
> The debdiffs I would propose are attached. I have one further
> question, would you accept addition of these patches (adapted) [3] and
> [4]?
> 
>  [3] http://search.cpan.org/diff?from=PAR-Packer-1.011&to=PAR-Packer-1.012&w=1
>  [4] http://search.cpan.org/diff?from=PAR-1.004&to=PAR-1.005&w=1

Yes, those patches should be okay to include.  I'd like to see final
debdiffs before giving a final ACK though.

It wasn't entirely clear from your mail, but have the packages with the
patches applied been tested on squeeze?

Regards,

Adam



