[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#824872: jessie-pu: package nspr/2:4.12-2+deb8u1

Hi,
On Sun, May 29, 2016 at 06:15:06PM +0200, Florian Weimer wrote:
> * Guido Günther:
> 
> > Note that the only (as to my understanding) serious regression has been
> > pointed out by Florian as well:
> >
> >     https://lists.debian.org/debian-lts/2015/11/msg00037.html
> >     https://bugzilla.redhat.com/show_bug.cgi?id=1260698
> >
> > and it's unclear if this part of the ABI.
> 
> The practical impact seems pretty low.
> 
> There is another ABI issue:
> 
>   https://bugzilla.mozilla.org/show_bug.cgi?id=1247021
> 
> But I think we are rebasing past the introduction of this struct and
> its change, so it wouldn't impact Debian stable.

…the bug is a nice example how this is handled upstream (and that we
wouldn't be alone tracking/fixing these regressions). Overall I'd feel
more certain to fix these than to backport large invasive patches in
order to fix CVE-2015-4000, CVE-2014-3566 and friends. Especially since
we have abi-compliance-checker.

Cheers,
 -- Guido
Reply to: