Thomas Goirand <z...@debian.org> writes: > Hi, > > I'm not supposed to disclose too much yet, but I have to write in this > bug still. > > The provided patch is *not enough* and the issue is still being > discussed upstream. So I can't just patch novnc and be gone with it... > I'll update this package as soon as upstream provides a working patch.
Do you have a link to the upstream discussion? Or is this about an embargoed security issue? > > Cheers, > > Thomas Goirand (zigo) Paul McMillan <p...@mcmillan.ws> writes: > Thomas Goirand's comment is in response to an unrelated upstream bug > in a different software package. The linked github patch is a complete > fix for the reported issue. > > -Paul I'm confused. What's true now, to which other upstream bug does this refer? Can both of you please clarify. We really need to solve this bug soon, otherwise significant parts of OpenStack will get removed from jessie and probably won't be allowed back in again. If you agree that the linked github patch is complete, I can do an upload if you lack the time to do so yourself. I can understand that sensitive security issues are involved, but a bit more verboseness would be nice. Gaudenz
signature.asc
Description: PGP signature
