Control: tags -1 + pending On 27.08.2012 19:25, Adam D. Barratt wrote:
On Sun, 2012-08-26 at 18:48 -0700, Asheesh Laroia wrote:Bug #653238 describes a crasher bug, possibly a security vulnerability, in alpine. The security team has indicated on the bug that they're not going to open a Debian Security Advisory for the alpine bug, and indicate, "You/the maintainer may choose to fix it in (old)stable through a point update, or leaveit at this." I choose to update stable through a point update.I assume from reading through the bug report that the issue does notaffect the version of alpine currently in wheezy / sid? If so, pleaseadd an appropriate fixed version to make this clear.
It doesn't look like this happened yet?
I've prepared a minimal package update that adds the patch that fixes the issue. I've tested that it builds fine in a stable pbuilder; before uploading,I have tested it on a machine running stable, where it works fine.Assuming my comment above about the issue not affecting wheezy and sid is correct, please feel free to go ahead with the upload, having updatedthe bug report as above.
I checked the source of 2.02 myself to confirm that the bug is fixed there so have flagged the package for acceptance; thanks.
Regards, Adam