On Mon, 2013-04-08 at 22:56 +0200, Tzafrir Cohen wrote:
> On Mon, Apr 08, 2013 at 09:13:43PM +0100, Adam D. Barratt wrote:
> > On Sat, 2013-04-06 at 16:39 +0300, Tzafrir Cohen wrote:
> > > Please unblock package asterisk. It includes a number of fixes, mostly
> > > two series of security fixes.
[...]
> > > + * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
> > > + - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large
> > > stack
> > > + allocations when using TCP.
> > > + The following two fixes were also pulled in order to easily apply
> > > it:
> > > + - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
> >
> > That patch is more than 30% of the diff on its own. :-(
> >
> > How difficult would it have been to backport the fix to the code we have
> > in wheezy?
>
> Looking into that.

Thanks. If the answer is that it's non-trivial then it may be worth
considering whether we should let the package spend a few more days in
unstable (depending on how urgently the security team believe we need
the fixes in wheezy).

> > > + * README.Debian: document running the testsuite.
> >
> > Helpful as it might be, that could definitely have waited.
>
> Huh? Are there actually problems with documentation-only changes?

Well, they're not "the absolute minimum patches that fix RC bugs", as
per http://lists.debian.org/debian-devel-announce/2013/03/msg00009.html

We've intentionally been tightening the criteria as we go along. With
the RC count at the point it is currently, we're trying to concentrate
resources on getting the remaining bugs fixed, which is easier to do
when the diff just contains those fixes.

It's not worth a re-upload just to not include them though.

> > > + * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
> >
> > And that seems more like it might be stable update material now.
>
> Sorry, I didn't follow: is that good?

It depends on your definition. :-) As it's not an RC bug, I was
suggesting it may be worth fixing after the release rather than now.

Regards,

Adam

