On Tue, 26 Jan 2010 14:21:11 +0100, Matthias Klose wrote:
> close 566233
> thanks
>
> On 25.01.2010 00:18, Michael Gilbert wrote:
> > reopen 566233
> > thanks
> >
> > On Fri, 22 Jan 2010 11:51:13 +0000 Debian Bug Tracking System wrote:
> >
> >> This is an automatic notification regarding your Bug report
> >> which was filed against the python2.6 package:
> >>
> >> #566233: CVE-2009-3560 and CVE-2009-3720 denial-of-services
> >>
> >> It has been closed by Matthias Klose
> >
> > note that this update only addressed CVE-2009-3720. CVE-2009-3560 is
> > still not fixed.
>
> wrong. this update didn't address CVE-2009-3720, because there is nothing to
> address. please be more careful when cloning reports. CVE-2009-3560 is fixed,
> please be more careful validating bug fixes, or point out what is missing.

i see now that the patch is included in svn-updates.patch, but that
begs the question of why are you including so much (as-yet) unreleased
upstream code for a package that is intended for a stable release?
don't you want to diverge as little as possible from the stable
upstream point release?

btw, do you have a response on the embed question? there is no reason
for the namespace change since all debian packages (once all of the
embeds are fixed) will be using the same expat version.

mike