Bug#690795: unblock: icedove/10.0.9-1
On Wed, Oct 17, 2012 at 09:09:14PM -0400, Christoph Goehre wrote:
> Hi Moritz, hi Adam,
>
> On Mi, Okt 17, 2012 at 08:13:52 +0200, Moritz Mühlenhoff wrote:
> > On Wed, Oct 17, 2012 at 07:10:06PM +0100, Adam D. Barratt wrote:
> > > On Wed, 2012-10-17 at 19:00 +0200, Moritz Muehlenhoff wrote:
> > > > please unblock icedove 10.0.9-1
> > > >
> > > > It fixes multiple security issues
> > >
> > > I notice the README.Debian note about iceowl-extension's security
> > > support (or rather lack thereof) has been removed; is that correct?
> >
> > Christoph?
>
> yes, thats correct. It fixes #686206.
>
> Guido copied the file in November 2011, when he enabled building of the
> iceowl-extension from icedove code. Before that, we have two separate
> source package and iceowl-extension come from iceowl.
>
> Maybe Guido could say anything more about that.
I'm not sure wheter there is active _upstream_ security support for
lightning but I guess thats not different from some other packages.
One of the reasons to build iceowl-extension from icedove instead of
iceowl was to get all the fixes that go into that source tree for free
including security ones (which might not be the case for standalone
iceowl) and to have in sync versions of those two. So the situation is
certainly better than in squeeze. I'm also happy to backport security
issues for iceowl-extension (knowledge permitting).
Cheers,
-- Guido
> Should I redo my changes and upload only the security-fixed version with
> version number 10.0.9-2 into sid?
>
> Cheers,
> Christoph
>
Reply to: