Dear RT,

On 03/23/2011 04:48 PM, Moritz Muehlenhoff wrote:
> Package: v86d
> Severity: grave
> Tags: security
>
> Please see http://seclists.org/oss-sec/2011/q1/315 for details
> and a link to the patch.
>
> Could you fix this in a point update?

v86d has an open security issue in oldstable, stable, testing and unstable (CVE-2011-1070 / Bug#619404).

For testing/unstable, the fix is just to upload the new upstream release.

For stable I could add the patch [1] and ask you to approve that package into 6.0.2. However, we also could push 0.1.10 in there, because the current 0.1.9-1 in Squeeze already has two patches from upstream Git and going to 0.1.10 would only add two more minor ones ([2] and [3]), with [3] being even unused in the final binary.

Do you have an opinion on this? Having 0.1.10 in there would mean fewer patch updates in the future if they would be needed.

For oldstable, cherry-picking [1] should be fine.

Regards
Evgeni

[1] http://repo.or.cz/w/v86d.git/commitdiff/f9abfd412639286c3143e93e8ba2c9598dfba640
[2] http://repo.or.cz/w/v86d.git/commitdiff/982d5ea17847d1e27bb650d9a3205a368b197131
[3] http://repo.or.cz/w/v86d.git/commitdiff/e3bde5d9d4e433c4f8ccd2c7020d36e66712a835