Hello, Can libguac 0.6.0-2 be allowed into wheezy? It contains a fix for a security vulnerability (http://security-tracker.debian.org/tracker/CVE-2012-4415), but is being blocked because of the freeze. Thanks, - Mike ---------- Forwarded message ---------- From: Nico Golde <nico@ngolde.de> Date: Wed, Sep 12, 2012 at 2:15 AM Subject: Re: guacd: buffer overflow: local users can execute arbitrary code as root To: Michael Jumper <mike.jumper@guac-dev.org> Cc: Timo Juhani Lindfors <timo.lindfors@iki.fi>, Yaroslav Halchenko <debian@onerussian.com>, Michael Jumper <zhangmaike@users.sourceforge.net>, security@debian.org, Paul Tagliamonte <paultag@gmail.com> Hi, * Michael Jumper <mike.jumper@guac-dev.org> [2012-09-11 20:46]: > On Tue, Sep 11, 2012 at 10:59 AM, Nico Golde <nico@ngolde.de> wrote: > > > > CVE-2012-4415 got assigned to this issue. Please include this identifier in > > the changelog for the fixed package. > > > > Updated (changed "testing-security" to "unstable", added reference to > CVE number). New source packages now at: > http://guac-dev.org/pub/debian/0.6.0-2 > > I would like to announce the upstream 0.6.3 release at the > approximately same time this fix hits Debian, such that neither > upstream nor those using the Debian repositories are left without an > available patched version. Thanks, I just uploaded your package. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
Attachment:
pgp_sWFudJCfD.pgp
Description: PGP signature