Yes,  the patch updates the package to 1.6.1-6.  That actually seems 
appropriate to me in this case.  The only code changes since 1.6.1-1 are the 
(four!) security patches in 1.6.1-6, only one of which is the one mentioned in 
this bug.  Other changes relate only to packaging:
- Update to debhelper v9
- Enable multiarch
- Enable hardening build flags
- A format change to the debian/copyright file

In particular, the complex changes to build and maintain a symbols file
mentioned in the changelog were completely reverted, and so do not
appear here.


I suppose one could argue that enabling multiarch has the potential to cause 
problems, but if that were the case, I think we'd have seen it by now, in 
Debian or in later Ubuntu releases.  While I'm all for being conservative about 
what goes into security releases, IMHO in this case the community is best served by 
getting the security fix out quickly (it's already been three weeks since 
upstream released the fix) and incidentally paving the way for promptly 
releasing any future fixes.  Thus, I'd recommend abandoning any attempt to pull 
in only 95% of the changes since 1.6.1-1, and instead just sync 1.6.1-7 from 
Debian.

-- 
https://bugs.launchpad.net/bugs/1192874

Title:
  heap overflow while processing InclusiveNamespace PrefixList
