http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445595
I have done an NMU of version 0.4.5+cvs20030824-2.1 of the smpeg package. It has two lines of change as included in a patch on the above bug report. There has been no response from the maintainer, the bug is almost a year old, and it has security implications. http://etbe.coker.com.au/2008/08/11/executable-stacks-lenny/ The above blog post has some background. I think it would be good to get this into Lenny. I expect that including an NMU at late notice would be something you would prefer not to do. But given that it reduces security by permitting stack overflow bugs in applications that use it I think it's worthy of inclusion. I waited two weeks after proposing an NMU and blogging about it with no response. If anyone was watching and had any objection I'm sure I would have heard it by now. -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
