Jonas Smedegaard wrote: > On Thu, Jan 21, 2010 at 06:56:12AM +0100, Frank Lin PIAT wrote: >>On Wed, 2010-01-20 at 17:29 -0600, Raphael Geissert wrote: >>> 2010/1/20 Frank Lin PIAT <[email protected]>: >>> > On Tue, 2010-01-19 at 02:13 +0100, Pascal Volk wrote: >>> >> >>> >> The MoinMoin developers have released moin-1.9.1. This release fixes >>> >> a security issue¹. It provides also a lot small bug fixes. >>> > >>> > I've attached a patch for the security update, backporting upstream's >>> > security update in 1.9.1 (as 1.9.0-1+squeeze1 so it can be uploaded >>> > with urgency = high) >>> >>> Is there any reason why this shouldn't be uploaded to unstable (or the >>> new upstream release even)? or why do you use that version name? >> >>It is intended to be uploaded to unstable. (If you ask this, I suppose I >>shouldn't have named it "+squeeze1") > > I am alive - just pretty busy :-/
That was one of the possiblities ;-) > I'll prepare and upload a standard upgrade of python-moin to the new > upstream security-bug release 1.9.1, and will target it unstable with > urgency high. I prepared a patch, backporting 1.9.1 security update only. > Does there exist some CVE or similar that we should include? See http://security-tracker.debian.org/tracker/TEMP-0000000-000001 (and my comments in the BR). Franklin -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
