On Mon, 2011-07-04 at 21:13 +0100, Jonathan Wiltshire wrote:
> I recently uploaded an NMU for vftool to fix CVE-2011-0433 in sid
> (bug #614669). At the time I notified the maintainer that I would perform
> uploads for stable and oldstable and I have not had any response, therefore
> the stable patch is attached.
>
> Stable is easy: the same version is present, so the patch is just the same
> as for unstable.

Thanks for this. I assume the stable upload would be 2.0alpha-4+squeeze1 or similar? (Or 2.0alpha-4.1~squeeze1 would work, I suppose).

> In oldstable, you have a choice of whether to include the changes in -4 or
> not. They fix a FTBFS (which I could not reproduce in a lenny chroot) but
> are not strictly necessary to fix the CVE. I will prepare uploads
> according to your preference.

The FTBFS would only occur if the lenny version were built with _GNU_SOURCE defined (which it obviously wasn't, given that it built to start with); only later versions of (e)glibc unconditionally define getline().

On that basis, please only include the security-related changes for oldstable.

Regards,

Adam

