Bug#810887: jessie-pu: package libcgi-session-perl/4.48-1+deb8u1
On Wed, Jan 13, 2016 at 13:23:48 +0000, Adam D. Barratt wrote:
> On 2016-01-13 11:16, Dominic Hargreaves wrote:
> >We're working on a fix for #810799 which is a regression in Debian
> >stable triggered by the recent perl DSA (it will also be triggered by
> >the point release update in #809561).
> >
> >This should be fixed in jessie, and given the timescale, and the fact
> >that it's not technically a regression in the DSA package, the consensus
> >seems to be that a point release update is appropriate.
> >
> >There is a patch under review in the bug report and so hopefully we will
> >be able to supply an updated package (for sid as well as jessie) by the
> >weekend. It would be useful to know if you have a precise cutoff for
> >uploads, given the short timescale for packaging and testing this fix.
>
> The cut-off is intentionally fluffy, because it allows us some flexibility
> to evaluate how many confirmed uploads are still pending, whether any of the
> non-uploaded packages are particularly urgent, when team members are
> available to process any remaining uploads, and so on. It's also a little
> easier to be flexible about a case where there are no arch:any binaries
> involved, as there's no risk of a FTBFS on a particular architecture, or any
> buildd availability issues.
>
> Please keep us updated on progress, but this sounds like it shouldn't be an
> issue in practice.
>
And if it's not ready in time for 8.3, jessie-updates or jessie-security
can still be used.
Cheers,
Julien
Reply to: