Hi.  I'm asking for an unblock of barnowl in order to fix a security
problem.  Under certain error conditions an attacker or malicious IM
server could potentially exploit the vulnerabilities and run arbitrary
code.

Note that this unblock would move testing from 1.5.1 to 1.6.2.  I came
very close to uploading 1.6.2 during debconf but wanted to do some
additional testing, then the freeze was announced.  However, after
thinking about this particular bug, I do think that squeeze would be far
better with these changes than without.

I can backport the change, but especially given that it is early in the
freeze and that there are a lot of very useful bug fixes between 1.5.1
and 1.6.2, I believe squeeze would be a better release if you unblocked
the new upstream.

If you do unblock, I'd prefer that you up the urgency of the upload I
made yesterday rather than waiting 10 days; I should have uploaded with
higher urgency.

Attached is the upstream changelog.

1.6.2
 * Use a uniquified debug file location. [email protected]
 * Open the debug file using O_EXCL and an explicit mode. [email protected]
 * Don't send AIM passwords to the debug log. [email protected]
 * Remove some dead AIM code that sends local files to the server. [email protected]
 * Handle errors from ZPending and ZReceiveNotice (CVE-2010-2725). [email protected]
 * Include the public repository URL in the README [email protected]
 * Install the documentation in 'make install'. [email protected]
 * Add a configure flag to enable/disable building with krb4. [email protected]
 * Fix an infinite loop on 'view -r args'. [email protected]
 * Free paths to Zephyr dot-files when non-existent [email protected]
 * Jabber: Accept a -m argument to jwrite to set the message. [email protected]

1.6.1
 * Jabber: Explain how to set your nick when joining a MUC. [email protected]
 * Jabber: Make smartnarrow -i filter on subject. [email protected]
 * Jabber: Fix completion of MUC names. [email protected]
 * Improve help for bindkey and unbindkey [email protected]
 * Fix a segfault in smartnarrow. [email protected]
 * Fix a race in handling of resize events. [email protected]

1.6
 * Add :vp and :viewperson aliases for :viewuser. [email protected]
 * Fix some bugs related to resize. [email protected]
 * Don't auto-wrap text in command lines. [email protected]
 * Wrap input at 70 columns by default. [email protected]
 * Support filtering on whether a message has been deleted. [email protected]
 * Properly quote strings containing newlines or tabs. [email protected]
 * Check for an unset mark in owl_editwin_replace_region. [email protected]
 * Add the "narrow-related" variable. [email protected]
 * Fix a display bug under perl 5.12. [email protected]
 * Only use typewindelta when opening multiline editwins. [email protected]
 * Add some checks to ./configure. [email protected]
 * Fix a use-after-free in popexec.c [email protected]
 * Make pseudologins asynchronous [email protected]
 * Fix some bugs in editwin handling and clean up code. [email protected]
 * Add new command unbindkey for removing keybindings [email protected]
 * zcrypt: Implement AES encryption support using GPG. [email protected]
 * Add 2usage messages to everything in scripts/ [email protected]
 * Split zcrypt into an external, standalone binary. [email protected]
 * Fix minor documentation typo [email protected]
 * Document the init/cleanup vs. new/delete naming conventions. [email protected]
 * Clean up code naming conventions to help avoid memory leaks. [email protected]
 * Add edit:help command for zsh-style in-edit help [email protected]
 * Use libpanel to simplify and improve display layer. [email protected]
 * Jabber: Mention [-a <account>] in :help jwrite. [email protected]
 * Fix zcrypt when compiling without krb4 [email protected]
 * Send multiple PRIVMSGs for IRC messages entered as multiple paragraphs [email protected]
 * Require automake ≥ 1.7.0, and don’t warn about portability to non-GNU make. [email protected]
 * Makefile.am: Use only direct children in SUBDIRS, to appease automake 1.7. [email protected]
 * IRC: irc-disconnect on a pending reconnect should cancel it. [email protected]
 * Complete several commands that accept a filename. [email protected]
 * Complete the 'print' and 'bindkey' commands. [email protected]
