Re: unblock and pu request for libxslt
On Thu, Jul 5, 2012 at 6:21 PM, Adam D. Barratt
<adam@adam-barratt.org.uk> wrote:
> On 05.07.2012 11:00, Aron Xu wrote:
>>
>> Can you please unblock libxslt/1.1.26-13 which fixes CVE-2012-2825
>> (Bug #679283)? Patch applied:
>>
>>
>> http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=blob;f=debian/patches/0005-cve-2012-2825.patch;h=2e7db481530519ed82a69ab41e4297767f83e6f5;hb=ecbb4ca70e90c1c4789049e7a41c6c1d2c51871e
>
>
> This is fun:
>
> --- libxslt-1.1.26/debian/changelog 2012-06-15 11:04:15.000000000 +0000
> +++ libxslt-1.1.26/debian/changelog 2012-07-05 03:10:22.000000000 +0000
> @@ -1,9 +1,8 @@
> -libxslt (1.1.26-12+rebuild1) unstable; urgency=low
> +libxslt (1.1.26-13) unstable; urgency=low
>
> - * Rebuild against new libxml2 to make xslt-config identical across
> - architectures.
> + * Patch to fix CVE-2012-2825 (Closes: #679283).
>
> - -- Aron Xu <aron@debian.org> Fri, 15 Jun 2012 18:55:36 +0800
> + -- Aron Xu <aron@debian.org> Thu, 05 Jul 2012 11:09:19 +0800
>
> Unblocked anyway.
>
Thanks for unblocking, but no fun at all. changelog for sourceful
rebuild is useless for history tracking anyway.
>
>> I've also prepared an update for squeeze and please advise if I can
>> upload to pu. This fixes three CVEs:
>
>
> Please don't mix different types of request in the same mail. For a stable
> update, please open an appropriately usertagged pu bug, including a full
> source debdiff rather than VCS pointers.
>
> Regards,
>
> Adam
OK, will do, thanks!
--
Regards,
Aron Xu
Reply to: