On Fri, 10 Dec 2010 21:24:57 +0100, Jonas Smedegaard wrote:
> On Fri, Dec 10, 2010 at 07:45:18PM +0100, Moritz Muehlenhoff wrote:
> >On Thu, Dec 09, 2010 at 10:48:46PM -0500, Michael Gilbert wrote:
> >> I've isolated and applied the patches needed to fix CVE-2010-2055 in
> >> ghostscript. See attached debdiff.
> >>
> >> Would anyone be so kind to sponsor this? The package is at:
> >> http://mentors.debian.net/debian/pool/main/g/ghostscript/
> >
> >I don't have time to sponsor this currently, but this should be
> >uploaded with urgency=low, since there's the potential that
> >applications rely on the old, broken behaviour.
> >
> >I also remember that Jonas is still considering to introduce
> >Ghostscript 9.0 into Squeeze. Jonas, what's the current status?
>
> Michael is right - release team apparently was following my work and
> turned it down even before formally proposing it:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584653#132
>
> @Michael: Sorry, I won't sponsor your patch. As stated earlier as well,
> I consider myself incompetent juggling any more patches on top of the
> 8.71 stack.

The patches are actually rather small.

> You are quite welcome to join the ghostscript packaging team and take
> responsibility of it yourself - for the full duration of the next stable
> release cycle!

What exactly do you want me to do? I'm a DM, so I can't upload myself
(without dm-upload-allowed). I could add that, but I still need an
initial sponsor. In the meantime I've joined the ghostscript mailing
list and requested to join the alioth project.

Mike