tag 652107 + squeeze moreinfo
thanks

On Wed, 2011-12-14 at 22:12 +0100, Salvatore Bonaccorso wrote:
> libpar-packer-perl 1.006-1 and libpar-perl 1.000-1 in Squeeze are
> affected by CVE-2011-4114: "PAR packed files are extracted to unsafe
> and predictable temporary directories.".
[...]
> The debdiffs I would propose are attached. I have one further
> question, would you accept addition of these patches (adapted) [3] and
> [4]?
>
> [3] http://search.cpan.org/diff?from=PAR-Packer-1.011&to=PAR-Packer-1.012&w=1
> [4] http://search.cpan.org/diff?from=PAR-1.004&to=PAR-1.005&w=1

Yes, those patches should be okay to include. I'd like to see final
debdiffs before giving a final ACK though.

It wasn't entirely clear from your mail, but have the packages with the
patches applied been tested on squeeze?

Regards,

Adam