Re: CVE-2011-1521 and CVE-2011-3389 - fixed packet
On Mon, Sep 24, 2012 at 4:27 AM, Arne Wichmann wrote:
> begin quotation from Michael Gilbert (in <jMfPP-2tW-7@gated-at.bofh.it>):
>> On Fri, Sep 21, 2012 at 11:40 AM, Arne Wichmann wrote:
>> > Ok, I just created one more fixed version of python2.6 for my own use.
>> > Whoever is interested can find it at [1] for the time being. If anybody has
>> > comments or improvements I am also interested.
>>
>> Would you mind attaching a debdiff so we can see what you did? If
>> your changes look reasonable, I may be willing to work with you to
>> sponsor a stable-proposed update:
>> http://www.debian.org/releases/proposed-updates
>
> Attached.
Thanks for your work on this. There are a couple easily correctable
issues. One is that the debdiff is backwards. Second, its better to
use cve numbers to name the patches rather than commit ids. Third,
the distribution should be stable-proposed-updates rather than stable,
and there should only be one new entry in the changelog, and the
version should be +squeeze1.
Finally, there are some other unfixed python2.6 issues. Would you
mind taking a look at those? It would be good to include them all in
a new update:
http://security-tracker.debian.org/tracker/source-package/python2.6
Thanks again!
Mike
Reply to: