On Fri, Aug 21, 2009 at 11:52:41PM +0200, Alexander Sack wrote: > On Fri, Aug 21, 2009 at 11:10:47PM +0200, Moritz Muehlenhoff wrote: > > On Fri, Aug 21, 2009 at 11:05:22PM +0200, Mike Hommey wrote: > > > On Fri, Aug 21, 2009 at 11:02:33PM +0200, Moritz Muehlenhoff wrote: > > > > Mike Hommey wrote: > > > > > > > > > > New upstream versions are normal for this kind of stuff in > > > > > > unstable/testing, so i thought it was not noteworthy. > > > > > > > > > > > > Is the security team following that road? > > > > > > > > > > The security team is backporting the fixes. > > > > > > > > I've been looking into the changes for the last two hours > > > > and I think I'll have to revert to building an update based > > > > on a 3.12.4 snapshot. > > > > > > > > The changes are massive and very subtle to backport, so I'm > > > > afraid I might miss something seemimgly harmless, yet crucial. > > > > I'll give it some more beating, haven't made up my mind yet. > > Sounds better. We have nss 3.12.3.1 in ubuntu everywhere for a few > weeks now. > > On top you might want to take > https://bugzilla.mozilla.org/show_bug.cgi?id=486537 > for which we will do an individual update next week in ubuntu.
A patch for that is applied in 3.12.3-1 in squeeze already, FWIW, though the approach is slightly different. See https://bugzilla.mozilla.org/show_bug.cgi?id=488959 IIRC, lintian helped spot it. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
