On Sat, Apr 04, 2009 at 03:48:29PM +0200, gregor herrmann wrote: > On Sun, 15 Mar 2009 12:22:37 +0100, Luk Claes wrote: > > > >>> This is Debian bug #449544. > [..] > > >>> However it would be nice if this could get fixed via a regular point > > >>> update[1]. > > >> Nico brought this point to our (pkg-perl's) attention - After some > > >> discussion in the pkg-perl IRC channel, we found that the intermediate > > >> releases between the version shipped in Etch (1.30) and the one where > > >> this bug was fixed (1.38) were all reliability-related [1], and appear > > >> to be not too broad. So, even if we could just pick up the required > > >> changeset to make a specific 1.30-2+etch1 upload, it would be better > > >> just to upload 1.38 to Etch instead - Please tell us what to do. > > > Looking at the changelog it looks indeed like it would be a > > > good idea to ship 1.38. Would that be a problem for the > > > release team? > > It depends on the diff. > > Oops, it seems that nobody has picked up that question yet, sorry for > that. > > I'm attaching the diff between 1.30-2 (in oldstable) and 1.38-2 (the > last version in the archive that got removed later). The diff is > created by
Please note that there was also a 'second half' to CVE-2007-4829 fixed upstream in 1.39_01. See #509802. This should presumably be fixed too. Sorry for failing to bring this up earlier. -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
