On Tue, Nov 30, 2010 at 11:52:22PM +0100, Moritz Muehlenhoff wrote: > > Lamont, would it be possible to prepare an upload fixing just the > > security bug for squeeze (so based on 1:9.7.1.dfsg.P2-2)? > > I looked into it a bit, but couldn't pinpoint the exact changes for > CVE-2010-3752 (not with a certainty to not mess up DNSSEC). > I'll give it another go in the next days.
Likewise. Looking at my schedule, 9.7.2 is something in the "early next week" camp. In what I saw, this CVE seems to have come in after they had already fixed it - there is no mention of it prior to the 9.7.2 release notes. I'm more inclined to support the 9.7.2 upstream than I am to support a frankenversion where we can't find an isolated fix for the bug. But again, I'm going to worry about it more this weekend and monday/tuesday. lamont -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101201005802.ga22...@mix.mmjgroup.com