Quoting Christian Perrier ([EMAIL PROTECTED]): > > That means that there's no immediate security problem fortunately, but that > > still leaves the problem of removing the embedded smarty code before this > > package can be released. > > > > As only this one file uses it, either removing it from that file, or making > > that file use the archive copy of smarty are acceptable solutions to this > > bug. > > > Please note that I recently announced a possible NMU targeted at > fixing longstanding l10n bugs. > > I have no clue about this specific bug but in case someone provides a > patch, I'll be happy to include it...in case the package maintainer > doesn't give news in a timely manner.
There are two days left before the end of my normal delay for l10n NMUs. I don't really want to interfere with work on security issues....but I can't also hold this work for too long: there are other stuff to do and I'd rather not have this rot in my hard disk. So, would an NMU *not* covering the security issue interfere with a security update ? Again, I'd be happy to do the ecurity update but I need a patch. I tried to have a look at the issue but it requires skills I don't have.
signature.asc
Description: Digital signature
