On Thu, Nov 08, 2012 at 10:40:19PM +0100, Pierre Chifflier wrote: > On Thu, Nov 08, 2012 at 08:03:35AM +0100, Moritz Muehlenhoff wrote: > > Package: trousers > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Please see here for details: > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0698 > > > > Cheers, > > Moritz > > > > Hi Moritz, > > I have tested with the python script referenced in the sourceforge > ticket [1], and testing/unstable version is not affected. > > Version in squeeze seems affected, so I have prepared an upload with the > fix from upstream [2]. I am attaching the diff to this email, can you > confirm me if it is fine, and if I can upload it ?
Sorry for the late reply. This seems to have fallen through the cracks and I'm currently catching up with old mail. I think this doesn't warrant a DSA, but could you fix this through a stable point update? http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable (Adding Jonathan, the stable point update security coordinator to CC) Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
