Hi Håkan,

> version 1:1.5.2-5 that I released to unstable is suitable for stable
> as well. Prior to this bugfix unstable and stable both contained
> version 1:1.5.2-4. Attached is a patch with the fix. Do you want me to
> build it for stable as well?

Thank you for getting in touch with us. Judging from the context in which this bug manifests itself, I think releasing a DSA for it is overkill. It happens when creating a new X-Face header, which is something you would do rarely, mostly not with any random image you didn't check out before, always as an unprivileged user and what can happen is a crash of the conversion which is hardly harmful. The security implications of this are very minor.

Normally there's a process to fix minor security issues through a stable point update but I think this one is even too minor for that. It's great that testing and unstable are fixed for the future, but I propose that we just leave it at that and consider this case closed.

Thank you for getting sid/squeeze fixed quickly.

cheers,
Thijs