Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-06-17 Niko Tyni
On Thu, Jun 16, 2011 at 10:11:09PM +0200, Florian Weimer wrote: Okay, then we should release a DSA for it, so that the breakage is more easily blamed on this particular change, and that it's less confusing if we have to issue follow-up DSAs. Perhaps late May or early June would be a

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-06-16 Florian Weimer
* Dominic Hargreaves: Okay, then we should release a DSA for it, so that the breakage is more easily blamed on this particular change, and that it's less confusing if we have to issue follow-up DSAs. Perhaps late May or early June would be a convenient release date? Wasn't the earlier

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-05-02 Dominic Hargreaves
On Sun, May 01, 2011 at 10:33:35PM +0200, Moritz Mühlenhoff wrote: On Sat, Apr 30, 2011 at 06:26:51PM +0200, Florian Weimer wrote: * Adam D. Barratt: I do share Florian's concern about the potential breakage as a result of the change. Do we have any idea how many packages in

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-05-01 Moritz Mühlenhoff
On Sat, Apr 30, 2011 at 06:26:51PM +0200, Florian Weimer wrote: * Adam D. Barratt: I do share Florian's concern about the potential breakage as a result of the change. Do we have any idea how many packages in {old,}stable would be affected and to what degree? Particularly in the case of

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-30 Florian Weimer
* Adam D. Barratt: I do share Florian's concern about the potential breakage as a result of the change. Do we have any idea how many packages in {old,}stable would be affected and to what degree? Particularly in the case of oldstable, with its four month update cycle, fixing packages broken

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-30 Dominic Hargreaves
On Sat, Apr 30, 2011 at 06:26:51PM +0200, Florian Weimer wrote: * Adam D. Barratt: I do share Florian's concern about the potential breakage as a result of the change. Do we have any idea how many packages in {old,}stable would be affected and to what degree? I don't think we have any

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-25 Adam D. Barratt
On Fri, 2011-04-22 at 12:29 +0100, Dominic Hargreaves wrote: On Wed, Apr 20, 2011 at 08:52:31AM +0300, Niko Tyni wrote: On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote: http://nntp.perl.org/group/perl.perl5.porters/171010 I'm therefore downgrading the severity.

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-22 Dominic Hargreaves
On Wed, Apr 20, 2011 at 08:52:31AM +0300, Niko Tyni wrote: severity 622817 important thanks On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote: * Niko Tyni: Security team, I assume this is going to be fixed through a DSA? I don't think this is a security bug on its

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-19 Florian Weimer
* Niko Tyni: Security team, I assume this is going to be fixed through a DSA? I don't think this is a security bug on its own. It should be trivial to port this to squeeze and lenny. I'll try to prepare the debdiffs on Sunday, but if somebody else wants to do that, feel free. If this bug

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-19 Niko Tyni
severity 622817 important thanks On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote: * Niko Tyni: Security team, I assume this is going to be fixed through a DSA? I don't think this is a security bug on its own. Yes, turns out upstream thinks similarly.

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-17 Dominic Hargreaves
On Fri, Apr 15, 2011 at 11:41:02PM +0300, Niko Tyni wrote: Please note that the sid fix can't currently be uploaded on its own because of a db4.7 related problem (just filed as #622916). Partly as a reminder to myself: I plan to merge this into experimental once the upload to sid has been

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-16 Niko Tyni
On Fri, Apr 15, 2011 at 11:41:02PM +0300, Niko Tyni wrote: On Thu, Apr 14, 2011 at 09:45:55PM +0100, Dominic Hargreaves wrote: Package: perl Version: 5.10.1-19 Severity: grave Tags: security Justification: user security hole CVE description: The (1) lc, (2) lcfirst, (3) uc,

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-15 Niko Tyni
tag 622817 patch fixed-upstream forwarded 622817 http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 thanks On Thu, Apr 14, 2011 at 09:45:55PM +0100, Dominic Hargreaves wrote: Package: perl Version: 5.10.1-19 Severity: grave Tags: security Justification: user security hole CVE

Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

2011-04-14 Dominic Hargreaves
Package: perl Version: 5.10.1-19 Severity: grave Tags: security Justification: user security hole CVE description: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the