Thanks for the thorough review.

> * New package versions are wrong. For example, the Oneiric version should be
> '0.14.1-1ubuntu2'. Please see the version examples at:
> https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

They provide an upgrade path, they are just a bit longer than minimal. Does this matter? Also, according to the wiki, shouldn't it be 0.14.1-1ubuntu1.1?

> * The backported CVE-2012-2085.patch in all three releases is missing
> gajim.thread_interface(p.wait) call in else block of exec_command()
> * The natty and lucid debdiffs seem to have a missing "jid_tuple = (jid_id,)"
> in the else block of CVE-2012-2086.patch in chunk @ 654.

Fixed the issues and forwarded them to Debian, where they also exist.

--
https://bugs.launchpad.net/bugs/992618
Title: gajim code execution and sql injection