Re: CVE-2012-3435: zabbix/testing
On Sat, 8 Dec 2012 19:15:36 Yves-Alexis Perez wrote:
> On sam., 2012-12-08 at 11:10 +1100, Dmitry Smirnov wrote:
> > After discussing this issue we're all agreed that 1.8.11 shall be removed
> > from testing or replaced with 1:2.0.2+dfsg-4 (for which we have an
> > unblock request #687916).
>
> Note that a bunch of issues affect stable too. What is the plan for
> them?
As far as I'm aware there is no security issues left.
As for policy issues I hope we can let it retire as long as package
functionality is not affected.
Please advise if you think there are issues that must be addressed in stable
and I'll see what I can do.
Frankly I'm not too confident with packaging prior to version 2 due to lack of
experience.
> > The problem will be gone if 2.0.2 will be allowed to migrate -- otherwise
> > we will request removal of 1.8.11 from testing and upload to
> > wheezy-backports.
> >
> > So at the moment we're waiting for release team decision.
>
> I didnd't see the debdiff,
I updated #687916 with debdiff and replied in another email.
> but I'm not sure that's something they'll
> really want to migrate at that time of the freeze.
Most certainly you're right -- there is little hope left for unblock.
Still to avoid unnecessary work I think it make sense to wait for decision on
this matter before filing removal request.
Regards,
Dmitry.
Reply to: