Re: fixing CVE-2010-0395 for testing
Hi,
On Sun, Jun 06, 2010 at 03:22:36PM +0200, Nico Golde wrote:
> Would it be possible to upload a minimal version only carrying the security
> patch to testing-security?
Possible, yes. I'd like to avoid that, though if possible.
It would need a rebuild, whereas I can upload -11 as-is already
(and it fixes some other important stuff, too, as you see in the changelog.
No XML signing support *only* on kfreebsd-i386 is, umm, bad. Same as dependency
differences because of the bashisms...)
> Otherwise I'd propose to upload your -11 version to t-p-u.
OK. Let's wait for the release team for their opinion.
> Btw the testing-security team has an embargoed queue as well, so next time it
> should also work to upload a fixed version prior to disclosure if the
> migration is a common show stopper for this package.
If I knew in advance that gcc-defaults would block again - yes, I could have done
that. But well, I noticed that stopper only 1 day before the disclosure, see the
reporting date/trime of #584545.
And it normally would not have been a blocker if someone didn't decide they need
to bump libgc-bcs .shlibs again...
Grüße/Regards,
René
--
.''`. René Engelhard -- Debian GNU/Linux Developer
: :' : http://www.debian.org | http://people.debian.org/~rene/
`. `' rene@debian.org | GnuPG-Key ID: D03E3E70
`- Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70
Reply to: