>> Package: release.debian.org >> >> Please unblock centerim/4.22.10-1. >> >> Centerim is an upstream frozen project, their releases usually include >> only security fixes. Last release (4.22.10) fixes CVE-2009-3720.
MD> There is no way we could accept this version in Squeeze.
MD> Besides, upstream's fix for this looks like:
MD> --- lib/xmltok_impl.c
MD> +++ lib/xmltok_impl.c
MD> @@ -1744,7 +1744,7 @@
MD> const char *end,
MD> POSITION *pos)
MD> {
MD> - while (ptr != end) {
MD> + while (ptr < end) {
MD> switch (BYTE_TYPE(enc, ptr)) {
MD> #define LEAD_CASE(n) \
MD> case BT_LEAD ## n: \
MD> So, it's really easy to get current testing's version patched and fixed.
MD> Please prepare a fixed version against testing's version targetting
MD> testing-proposed-updates.
How should I upload it? sid has already contained 4.22.10.
--
... mpd is off
. ''`. Dmitry E. Oboukhov
: :’ : email: un...@debian.org jabber://un...@uvw.ru
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
signature.asc
Description: Digital signature
