On Thu, Sep 06, 2012 at 10:52:30AM -0500, Rob Browning wrote:
> Moritz Muehlenhoff <j...@inutil.org> writes:
>
> > I was more thinking about unstable, where this is still unfixed for emacs23.
>
> In that case I've had to take some time to finish working out another
> problem (that requires simultaneous changes to emacs23/24 in both wheezy
> and sid) -- it's an issue with the emacs metapackage binary that
> involves the creation of a new gcc-defaults-style source package.
>
> At this point, I think I've finished discussing that with the release
> team, but haven't had time since then (until today) to finish the work.
> I expect to have uploads for both before Monday.
>
> > Hopefully someone will have time to release the stable-security update
> > soon.
>
> How does that work? I have the packages ready to go, but was just
> waiting for approval to upload -- or does the security team handle
> building stable packages?
Hi Rob,
Sorry the late response. I'm very short of time the last months and
apparently noone else chimed in on this thread.
Please upload your build to security-master (it needs to be build with
-sa, since emacs23 is new in the stable-security suite (otherwise
the security buildd network will trigger strange errors)
As for the other security issues (untrusted search path in CEDET):
I had a look at the Ubuntu security update for Emacs, which the released
a few days ago; they also ignored the CEDET issue since they couldn't
create a backport for the releases based on releases older than 23.3.
Also, since the vulnerability is rather far-fetched we can ignore it
for Squeeze IMHO.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
