On 15.01.2012 20:39, Nicholas Bamber wrote:
unstable/testing [CVE-2012-0024, CVE-2011-5055]: This was fixed in
1.4.09-1 but Sam has issued one further release, 1.4.10 with a last
tweak. For this version all the three CVE tickets are fundamentally
the
same issue.
stable [CVE-2012-0024, CVE-2011-5055]: I previously sent a debdiff. I
need to issue a new one.
[...]
I am not sure what to do now apart from issuing 1.4.10-1. Do I raise
new
bug reports?
Based on the above, I'd suggest, in order:
- update unstable, ensuring that all relevant bugs are fixed there
- confirm with the security team that they don't wish to issue a fix
for CVE-2011-5055 directly, if you haven't already done so (I suspect
they won't, but the security tracker doesn't indicate that right now, so
it's worth checking)
- assuming a nack from the security team, prepare an updated package
from stable and send the new debdiff to this thread
Does that sound reasonable?
Regards,
Adam
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
http://lists.debian.org/[email protected]
