Public bug reported:
Binary package hint: tinyproxy
I'm requesting a Freeze Exception for tinyproxy in lucid.
The current version in Ubuntu is a diversion from Debian, as done by a
MOTU member. However, in the updating process, it looks like a potential
security fix was dropped even if it still applied to the new 1.6.x
version they upgraded to.
I've taken over tinyproxy in Debian very recently, after many years of
no maintenance, and have worked with the new upstream authors to cleanup
our buglist, forward patches and downstream bugs. The new upstream 1.8.x
branch should fix all the open issues in Ubuntu, and upstream is really
interested in having the new code in the LTS release, because it fixes
most of the recurring bugreports.
In short, the situation is:
* In Ubuntu, the latest 1.6.x release is available in lucid. However, there's
a potential security regression due to careless dropping of Debian patches.
* In Debian unstable (should be in testing too, but the BTS is having
versioning tracking problems which is preventing migration), 1.8.1 is available
which fixes all of the Ubuntu/Debian issues.
** Affects: tinyproxy (Ubuntu)
Importance: Undecided
Status: New
--
sync tinyproxy 1.8.1-3 from Debian unstable
https://bugs.launchpad.net/bugs/556623
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
