Re: v86d 0.1.10 for Squeeze?

To: Evgeni Golov <evgeni@debian.org>
Cc: debian-release@lists.debian.org, Moritz Muehlenhoff <muehlenhoff@univention.de>, 619404@bugs.debian.org
Subject: Re: v86d 0.1.10 for Squeeze?
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 25 Apr 2011 16:54:21 +0100
Message-id: <[🔎] 1303746861.3323.5698.camel@hathi.jungle.funky-badger.org>
In-reply-to: <[🔎] 4D988EDD.2040207@debian.org>
References: <20110323154814.26927.75913.reportbug@irma.knut.univention.de> <[🔎] 4D988EDD.2040207@debian.org>

On Sun, 2011-04-03 at 17:14 +0200, Evgeni Golov wrote:
> v86d has an open security issue in oldstable, stable, testing and
> unstable (CVE-2011-1070 / Bug#619404).
> 
> For testing/unstable, the fix is just to upload the new upstream release.

So far as I can see, that didn't happen yet?  Having the issue fixed in
unstable at least is generally a prerequisite for fixing it in stable.

> For stable I could add the patch [1] and ask you to approve that package
> into 6.0.2. However we also could push 0.1.10 in there, because the
> current 0.1.9-1 in Squeeze already has two patches from upstream Git and
> going to 0.1.10 would only add two more minor ones ([2] and [3]) with
> [3] being even unused in the final binary.

This may be an option, but I'd like to see a final debdiff between the
0.1.10 package that gets uploaded to unstable and the current squeeze
package before we make a final decision.

Regards,

Adam

Reply to:

References:
- v86d 0.1.10 for Squeeze?
  - From: Evgeni Golov <evgeni@debian.org>

Prev by Date: Bug#623529: pu: package git/1:1.7.2.5-2
Next by Date: Re: Proposed patch to aptitude in stable to fix a low-impact security bug
Previous by thread: v86d 0.1.10 for Squeeze?
Next by thread: Bug#617272: transition: python3-defaults
Index(es):
- Date
- Thread