On Wed, Mar 28, 2007 at 10:47:04AM +0000, Florian Ernst wrote: > blender (2.42a-5etch1) testing-proposed-updates; urgency=high > . > * Upload to t-p-u after talking to the security team > * Security: No longer ship the kmz_ImportWithMesh.py script since it allows > user-assisted remote attackers to execute arbitrary Python code by > importing a crafted (1) KML or (2) KMZ file [CVE-2007-1253].
Uhm? I just saw Moritz quoted as saying: > The change in question would warrant a DSA, so I'm quite sure it will > get accepted if it only contains the change below. It's easily reviewable > and fixes a genuine security problem. If it warrants a DSA, why was this not uploaded to testing-security instead of testing-proposed-updates? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]