* Moritz Muehlenhoff <j...@inutil.org> wrote: > On Wed, Nov 03, 2010 at 01:06:24AM +0200, Jari Aalto wrote: > > The following message is a courtesy copy of an article > > that has been posted to gmane.linux.debian.devel.release as well. > > > > > Julien Cristau <jcris...@debian.org> writes: > > | Newsgroups: gmane.linux.debian.devel.release > > | Subject: Re: Security unblock requests > > | Date: Sat, 23 Oct 2010 15:13:20 +0200 > > | Message-ID: <20101023131320.gs3...@radis.liafa.jussieu.fr> > > | > > > On Sat, Oct 23, 2010 at 14:37:20 +0200, Moritz Muehlenhoff wrote: > > > > > >> More unblock requests: > > >> ust/0.7-2.1 -> CVE-2010-3386 > > > > > > 52 files changed, 3116 insertions(+), 1232 deletions(-) > > > > Need more information. Local check: > > > > $ debdiff ../build-area/ust_0.7-2.dsc ../build-area/ust_0.7-2.1.dsc | > > lsdiff > > ust-0.7/debian/changelog > > ust-0.7/debian/patches/CVE-2010-3386--bug598309.diff > > ust-0.7/debian/patches/series > > > > $ debdiff ../build-area/ust_0.7-2.dsc ../build-area/ust_0.7-2.1.dsc | > > filterdiff -x '*changelog' | wc -l > > 50 > > What is the status? This is still unfixed in Squeeze.
Hi Moritz, sorry for the delay. I would prefer to backport the upstream patch for this bug and create a security update for the version in squeeze (version 0.5-1). I belive this is the correct thing to do, but I have never dealt with a security issue in one of my packages going into a release, so I'm a bit nervous about what to do. What is your suggestion on how to proceed? -- Jon -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
