Hi Alex > the bug is well known to me, there are fixed packages available for > Etch and Sarge (since at that time Sarge still had security support). > > Security Team has been informed about the bug on the day of the > initial disclosure, but I'm still waiting for them to publish an DSA > and publish a DSA and updated packages. I exchange a few mails > with them, but I haven't heard anything since end of January. (Last > mail from Moritz Muehlenhoff at Tue Jan 29 20:20:08 2008, last mail > from me to Moritz Tue Jan 29 20:36:55 2008.) Yes, I am aware that the stable team knows about it. The issue, however, is unembargoed (and thus public and known) and nothing stops you from uploading fixed packages to unstable.
I had a look at the etch packages you provided for the security update and saw that there are some other changes to all the Makefiles. Also there is some code added into the postinst to restart apache. Are these changes really necessary for the security update? Cheers Steffen
signature.asc
Description: This is a digitally signed message part.
