Gerfried Fuchs wrote: > Hi! > > * Jeremy T. Bouse <jbo...@debian.org> [2009-11-27 19:30:47 CET]: >> I am currently working on getting 1.4.4 ready to go and remove David >> Gil from the package per (#551636) > > Actually, I'm not sure, does this address Moritz' concerns, from a > security team's point of view, especially with respect to stable? I > don't see any update that would have fixed the security issues for > lenny, what is your plan for that? > > Thanks, > Rhonda
1.4.4 reportedly fixes all current outstanding CVS reports. Short of
going and simply upgrading the old versions trying to go through the
code and find the specific fixes to these issues, as I've found no patch
files specific to the problem, would take much more time than I have
available when a fixed upstream version is already available in the
repository. 1.4.4-1 hit the unstable repository in late November and I
had a few fixes until 1.4.4-3 was migrated to testing just before Christmas.
signature.asc
Description: OpenPGP digital signature
