On Thu, 2010-09-23 at 20:37 +0200, Thomas Mueller wrote: > I'd like to ask you for a freeze exception of quassel 0.7.1. > The current version of quassel in testing is 0.6.1-2. > This version has a security hole as documented in [1] and in this bug report > as well [2]. > > To fix this issue I could upload 0.6.3,
Or 0.6.1-3 containing just the security fix. (Jumping to 0.6.3 assumes that all of the changes in 0.6.2 are okay; I haven't checked each of them, but there appear to be a couple of dozen of them). > but this is already a some kind of > outdated branch within quassel develoment as 0.7 has been released recently. The diff between the 0.6.1 and 0.7.1 packages (ignoring .po changes) is 167 files changed, 5192 insertions(+), 888 deletions(-) whereas the 0.6.2 to 0.6.3 diff (i.e. what's labelled as the security fix) is nearer 60-70 lines. 0.7.0 appears to have been tagged upstream a little over a week ago; that's a bit soon to be declaring 0.6 "outdated", isn't it? > 0.7.1 fixes a security hole within 0.7.0 > > Package for 0.7.1 has been uploaded unstable on September 21st. It would have been appreciated if you'd sent this mail _before_ doing that (or uploaded to experimental in the meantime). Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
