On Thu, Jul 5, 2012 at 6:21 PM, Adam D. Barratt <a...@adam-barratt.org.uk> wrote: > On 05.07.2012 11:00, Aron Xu wrote: >> >> Can you please unblock libxslt/1.1.26-13 which fixes CVE-2012-2825 >> (Bug #679283)? Patch applied: >> >> >> http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=blob;f=debian/patches/0005-cve-2012-2825.patch;h=2e7db481530519ed82a69ab41e4297767f83e6f5;hb=ecbb4ca70e90c1c4789049e7a41c6c1d2c51871e > > > This is fun: > > --- libxslt-1.1.26/debian/changelog 2012-06-15 11:04:15.000000000 +0000 > +++ libxslt-1.1.26/debian/changelog 2012-07-05 03:10:22.000000000 +0000 > @@ -1,9 +1,8 @@ > -libxslt (1.1.26-12+rebuild1) unstable; urgency=low > +libxslt (1.1.26-13) unstable; urgency=low > > - * Rebuild against new libxml2 to make xslt-config identical across > - architectures. > + * Patch to fix CVE-2012-2825 (Closes: #679283). > > - -- Aron Xu <a...@debian.org> Fri, 15 Jun 2012 18:55:36 +0800 > + -- Aron Xu <a...@debian.org> Thu, 05 Jul 2012 11:09:19 +0800 > > Unblocked anyway. >
Thanks for unblocking, but no fun at all. changelog for sourceful rebuild is useless for history tracking anyway. > >> I've also prepared an update for squeeze and please advise if I can >> upload to pu. This fixes three CVEs: > > > Please don't mix different types of request in the same mail. For a stable > update, please open an appropriately usertagged pu bug, including a full > source debdiff rather than VCS pointers. > > Regards, > > Adam OK, will do, thanks! -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAMr=8w4nBB38kqaQ_MjjXLA=64jwdamx_argcesgkfvcegk...@mail.gmail.com