Hi,

I just uploaded 3.2.1-1 to unstable; it contains the changes listed here:

http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=log;h=refs/heads/3.2_dev

I'm CC'ing security as I suppose they might want to push this package
to unstable as well.

Note, the only difference between 3.2.0-4 (currently in testing) and
3.2.1-1 (just uploaded to unstable) is the security fix; see the
attached debdiff on the unblock request #684140.

The only differences between 3.2.0-2 in stable and 3.2.0-4 in testing
are packaging cosmetics (shipping .pc, null out dependency_libs in .la
and lintian fixes).

HTH

On Tue, Aug 7, 2012 at 9:42 AM, Göran Weinholt <go...@weinholt.se> wrote:
> Package: libotr2
> Version: 3.2.0-4
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> libotr contains buffer overflows in a few base64 decoding functions:
> http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
>
> Fixes for the bugs are available from git:
> http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html
>
>
>
> -- System Information:
> Debian Release: wheezy/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
> Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages libotr2 depends on:
> ii  libc6        2.13-33
> ii  libgcrypt11  1.5.0-3
>
> libotr2 recommends no packages.
>
> Versions of packages libotr2 suggests:
> ii  libotr2-bin  3.2.0-4
>
> -- no debconf information

-- 
Thibaut VARENE
http://www.parisc-linux.org/~varenet/

