Quoting Gregory Colpart <[EMAIL PROTECTED]>:
Thanks a lot for your final patches. Turba 2.1.7 is already in
Debian unstable distribution. But for Debian stable and
oldstable, I can't upload version 2.1.7: I need backport
security changes. Could you review my backported patches?
- Patch for Turba 2.1.4 (Debian stable):
http://gcolpart.evolix.net/debian/turba2/turba2_2.1.3-1_2.1.3-1etch1.diff
- Patch for Turba 2.0.2 (Debian oldstable):
http://gcolpart.evolix.net/debian/turba2/turba2_2.0.2-1_2.0.2-1sarge1.diff
I don't feel qualified without a _lot_ more time to review the 2.0.x
patch; that is very, very different from the current code.
The 2.1.4 patch seems to have a bunch of extra stuff in it - I would
just do the changes to Group.php, sql.php, and browse.php. If you're
also including different fixes those would have to be reviewed
separately - those changes are a bit harder to follow.
Note: FYI, Debian security team requested CVE id for this security issue.
We got the report from you, so unless you created one I don't think
there is one. Or do you mean that they started the process of creating
one from CVE?
-chuck
