[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

Control: tags -1 -moreinfo +confirmed

On Sat, 2016-10-22 at 14:11 -0500, Rob Browning wrote:
> "Adam D. Barratt" <adam@adam-barratt.org.uk> writes:
> 
> > Control: tags -1 + moreinfo
> > Control: severity -1 normal
> >
> > On Sat, 2016-10-22 at 13:10 -0500, Rob Browning wrote:
> >> I'd like to propose an update for jessie as described by the attached
> >> debdiff.  Though the final upload/diff might be slightly different
> >> (i.e. the dpm hashes).
> >> 
> >> Both of the changes (patches) have been cherry-picked from upstream as
> >> described in the patch headers.
> >
> > The security tracker indicates that both issues - CVE-2016-8605 and
> > CVE-2016-8606 - still affect the guile-2.0 packages in unstable. Is that
> > correct? If so then that would be a prerequisite to applying the fixes
> > in stable.
> 
> Hmm, well I'm also preparing 2.0.13+1-1 packages for unstable that include
> (upstream) both fixes.  Should I upload those first?

That happened in the meantime, so please feel free to go ahead with the
upload to stable.

Regards,

Adam
Reply to: