Hi Rob, On Thu, Jan 05, 2017 at 08:11:21PM +0000, Adam D. Barratt wrote: > Control: tags -1 -moreinfo +confirmed > > On Sat, 2016-10-22 at 14:11 -0500, Rob Browning wrote: > > "Adam D. Barratt" <a...@adam-barratt.org.uk> writes: > > > > > Control: tags -1 + moreinfo > > > Control: severity -1 normal > > > > > > On Sat, 2016-10-22 at 13:10 -0500, Rob Browning wrote: > > >> I'd like to propose an update for jessie as described by the attached > > >> debdiff. Though the final upload/diff might be slightly different > > >> (i.e. the dpm hashes). > > >> > > >> Both of the changes (patches) have been cherry-picked from upstream as > > >> described in the patch headers. > > > > > > The security tracker indicates that both issues - CVE-2016-8605 and > > > CVE-2016-8606 - still affect the guile-2.0 packages in unstable. Is that > > > correct? If so then that would be a prerequisite to applying the fixes > > > in stable. > > > > Hmm, well I'm also preparing 2.0.13+1-1 packages for unstable that include > > (upstream) both fixes. Should I upload those first? > > That happened in the meantime, so please feel free to go ahead with the > upload to stable.
Any news on that upload? Regards, Salvatore
