On Sat, Mar 16, 2013 at 01:49:24PM -0400, Jay Berkenbilt wrote:
> > They also send me links to the upstream fixes:
> > http://bugs.icu-project.org/trac/changeset/32865
> > http://bugs.icu-project.org/trac/changeset/32908
>
> I can prepare a new upload with these fixes and call it CVE-2013-0900.
> There's a one-line fix for a Malayalam rendering problem (which causes a
> crash on certain codes and is therefore a potential DOS attack) which I
> will probably include in the same upload. Ordinarily I would not fix
> two issues in the same upload, particularly during a freeze, but the
> extreme simplicity of the second one makes me think this will be okay in
> this case.
Sounds good to me (but I'm not a release team member)
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
