On Mon, 2011-12-19 at 22:51 +0000, Dominic Hargreaves wrote: > On Mon, Dec 19, 2011 at 12:58:35PM +0000, Adam D. Barratt wrote: > > On 19.12.2011 11:30, Dominic Hargreaves wrote: > > >The security team has asked that we fix a couple of no-dsa issues in > > >the next squeeze point release. This bug > > >(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604902) was also > > >queued for a point release update. [...] > > The patch looks like it would be okay; thanks. However, in order to > > approve the upload for a point release, we'd need to see full > > debdiffs for the proposed package which would be uploaded. > > Current debdiff (without finalised changelog) attached.
Thanks. Overall the diff looks fine, although the first two of these: + * [SECURITY] CVE-2011-2939: Fix decode_xs n-byte heap-overflow security + bug in Unicode.xs (Closes: #637376) + * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new(); + thanks to Ansgar Burchardt for the notification (Closes: #644108) + * Unregister signal handler before destroying my_perl; fixes segfault + (Closes: #604902) appear to no longer be marked as fixed in testing and unstable. I'm guessing this is purely an artefact of the archive + re-open but it would be good if the BTS versioning could be fixed up to accurately reflect the state of the bugs. Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
