On Wed, Oct 17, 2012 at 09:09:14PM -0400, Christoph Goehre wrote: > Hi Moritz, hi Adam, > > On Mi, Okt 17, 2012 at 08:13:52 +0200, Moritz Mühlenhoff wrote: > > On Wed, Oct 17, 2012 at 07:10:06PM +0100, Adam D. Barratt wrote: > > > On Wed, 2012-10-17 at 19:00 +0200, Moritz Muehlenhoff wrote: > > > > please unblock icedove 10.0.9-1 > > > > > > > > It fixes multiple security issues > > > > > > I notice the README.Debian note about iceowl-extension's security > > > support (or rather lack thereof) has been removed; is that correct? > > > > Christoph? > > yes, thats correct. It fixes #686206. > > Guido copied the file in November 2011, when he enabled building of the > iceowl-extension from icedove code. Before that, we have two separate > source package and iceowl-extension come from iceowl. > > Maybe Guido could say anything more about that.
I'm not sure wheter there is active _upstream_ security support for lightning but I guess thats not different from some other packages. One of the reasons to build iceowl-extension from icedove instead of iceowl was to get all the fixes that go into that source tree for free including security ones (which might not be the case for standalone iceowl) and to have in sync versions of those two. So the situation is certainly better than in squeeze. I'm also happy to backport security issues for iceowl-extension (knowledge permitting). Cheers, -- Guido > Should I redo my changes and upload only the security-fixed version with > version number 10.0.9-2 into sid? > > Cheers, > Christoph > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
