Control: tags -1 + pending
On 27.08.2012 19:25, Adam D. Barratt wrote:
On Sun, 2012-08-26 at 18:48 -0700, Asheesh Laroia wrote:
Bug #653238 describes a crasher bug, possibly a security
vulnerability, in
alpine. The security team has indicated on the bug that they're not
going to
open a Debian Security Advisory for the alpine bug, and indicate,
"You/the
maintainer may choose to fix it in (old)stable through a point
update, or leave
it at this." I choose to update stable through a point update.
I assume from reading through the bug report that the issue does not
affect the version of alpine currently in wheezy / sid? If so,
please
add an appropriate fixed version to make this clear.
It doesn't look like this happened yet?
I've prepared a minimal package update that adds the patch that
fixes the
issue. I've tested that it builds fine in a stable pbuilder; before
uploading,
I have tested it on a machine running stable, where it works fine.
Assuming my comment above about the issue not affecting wheezy and
sid
is correct, please feel free to go ahead with the upload, having
updated
the bug report as above.
I checked the source of 2.02 myself to confirm that the bug is fixed
there so have flagged the package for acceptance; thanks.
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
