> Whilst this has now been fixed in unstable, it was via the upload of a > new upstream which adds over 2000 lines of new code (and doesn't even > directly include the security fix) and with a debhelper compat bump > thrown in on the packaging side. > > It's possible someone might feel inclined to unblock it, but I suspect > this will need a t-p-u if we want to get it fixed in Wheezy.
My error ... I checked stable but kind of forgot frozen testing, so I just took the chance to clean out some pending packaging work I had locally and upload it all. I can easily prepare a 1.0.15-2 package that has just the CVE fix in it relative to what's in wheezy, but is there anywhere I can upload it to so that it gets into wheezy? I'll also point out that the actual vulnerability here is quite low impact. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
