On Thu, 15 May 2008 01:42:21 am Raphael Hertzog wrote: > On Wed, 14 May 2008, Steffen Joeris wrote: > > Attached you will find the patch from upstream. Please let me know, if > > you have time for it or want me to upload. > > Don't worry, I will wait a few days. > > I'll let some time to Brett first... but for unstable, we'll simply > package 0.96.2 I think. > > The question is for etch. Can we upload 0.95.2 instead of > 0.95.1-1etch1 provided that the upstream release adds nothing else except > the security fix? (I haven't checked that yet) > > There's also an experimental upload to do, but this one will require a new > SVN snapshot. I wouldn't see this bug as important enough for a DSA (and thus also no DTSA, if migration fails), but it would be nice to get it fixed in unstable with priority high though.
What's the real life exploit scenario by the way? I failed to imagine anything too dangerous. Cheers Steffen
signature.asc
Description: This is a digitally signed message part.
