On Tue, Dec 17, 2013 at 04:06:20PM +0800, Thomas Goirand wrote:
> On 12/17/2013 02:41 PM, Yves-Alexis Perez wrote:
> > Also debdiff doesn't include diff from outside the debian/ folder so
> > it's a bit harder to see the impact of new upstream release.
>
> There's no security problem at all in python-iso8601 itself. It's just
> that I need version 0.1.8 for the new point release of OpenStack, which
> fixes the above CVE, as version 0.1.4 is incompatible with version 0.1.8
> (there are some API changes, unfortunately).

I was merely pointing out the fact that it's harder to give a go/nogo without
having a full debdiff, especially since we have no idea of the fallout it
can have in case it breaks something.

Regards,
-- 
Yves-Alexis
Debian security team