❦ 7 décembre 2016 00:30 +0100, Guilhem Moulin <guil...@guilhem.org> :
>> Version: 1.1.4+dfsg.1-1~bpo8+1
>> […]
>> So probably it is important to update to upstream version 1.2.3
>
> Unfortunately 1.2.x has many dependencies that aren't in
> jessie-backports yet. I personally don't have the time nor energy to
> maintain said dependencies, so we asked backports folks for an exception
> to stick to 1.1.x for the bpo version, exception which was rejected.
> I'm afraid the remaining alternative is to take remove the package from
> jessie-backports :-(
Since the problem is quite serious, could you push the fix in bpo8+2
nonetheless? Then wait a bit before asking for removal from backports to
let actual users get an updated version. It seems far better than just
leaving some people with vulnerable versions on their systems.
--
"Not Hercules could have knock'd out his brains, for he had none."
-- Shakespeare
signature.asc
Description: PGP signature
