-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have talked to the upstream developers and they are still evaluating (within their means) whether a decent backported patch for 1.8.2 can be provided. They have pointed me to using the newer version instead that has the security flaws fixed. And I have of course explained the Debian policy to them that doesn't allow it and they understand it but perhaps can't help here. I am still waiting for their feedback but don't have much hope.
Meanwhile I have tried to determine the kind of patch they did to fix the bugs. But unfortunately those security bugs were fixed along with other patches in a big commit/patchset. Not being a decent PHP coder I failed to backport the patches myself. What will we do if upstream can't help either? Cheers Christoph -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8AqEUACgkQCV53xXnMZYYbuQCglFutq8xBTguRfkuTMMNFZdF7 fTQAoIWCYTxMefVPAi/0M9p0wSoIA4Pu =vvVp -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
