Hi again! * Holger Levsen <hol...@layer-acht.org> [2009-07-13 12:10:41 CEST]: > On Montag, 13. Juli 2009, Gerfried Fuchs wrote: > > - in this case it was Holger Levsen. Though, I just asked him and he > > said that he doesn't care about etch-backports. > > given that its not possible/desirable to have backports from squeeze in > etch-bpo (see > http://lists.backports.org/lurker-bpo/message/20090220.215045.8a623425.en.html) > > Alexander Wirt and me have decided last week, that it's best to remove the > roundcube backport from etch-bpo.
Erm, you propably did misread that mail: ,--------------------------------> quote <-------------------------------- | But remember that contributors are now allowed to add packages to | etch-bpo which have a higher version than in lenny (because they are | allowed to add versions from squeeze). `--------------------------------> quote <-------------------------------- That's extremely far from "not possible/desirable" - and especially when it comes to security issues it is more than desirable to have them fixed. ... which, in the case of this bugreport, is done. 0.1.1-9 did fix CVE-2008-5619 for etch-backports, so it rather seems to me that Benjamin got some things mixed up, unless the claimed patch in that upload wasn't complete. > Of course, if Gerfried wants to cherrypick and backport the neeeded fixes to > roundcube 0.1 and upload that to etch-bpo, he can do that. I'd still > recommend to upgrade to lenny, but thats the beauty of free software: there > is more than one way to do it and everybody can get involved :-) Unfortunately, lenny doesn't ship roundcube so that doesn't buy one anything. Would be great to get things straightened out. Benjamin, do you claim the package in etch-bpo affected by this bug and the fix to be incomplete, or what's the deal? I'm especially puzzled by your original version you reported it again to be 0.2.2-1 which is by far close to anything that's in bacports - or way over the version that it was fixed in already. Do you claim by that that the patch got removed again, or were you just puzzled? Thanks! Rhonda -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
