Re: v86d 0.1.10 for Squeeze?
On Sun, 2011-04-03 at 17:14 +0200, Evgeni Golov wrote:
> v86d has an open security issue in oldstable, stable, testing and
> unstable (CVE-2011-1070 / Bug#619404).
>
> For testing/unstable, the fix is just to upload the new upstream release.
So far as I can see, that didn't happen yet? Having the issue fixed in
unstable at least is generally a prerequisite for fixing it in stable.
> For stable I could add the patch [1] and ask you to approve that package
> into 6.0.2. However we also could push 0.1.10 in there, because the
> current 0.1.9-1 in Squeeze already has two patches from upstream Git and
> going to 0.1.10 would only add two more minor ones ([2] and [3]) with
> [3] being even unused in the final binary.
This may be an option, but I'd like to see a final debdiff between the
0.1.10 package that gets uploaded to unstable and the current squeeze
package before we make a final decision.
Regards,
Adam
Reply to: