On Sun, 2011-04-03 at 17:14 +0200, Evgeni Golov wrote: > v86d has an open security issue in oldstable, stable, testing and > unstable (CVE-2011-1070 / Bug#619404). > > For testing/unstable, the fix is just to upload the new upstream release.
So far as I can see, that didn't happen yet? Having the issue fixed in unstable at least is generally a prerequisite for fixing it in stable. > For stable I could add the patch [1] and ask you to approve that package > into 6.0.2. However we also could push 0.1.10 in there, because the > current 0.1.9-1 in Squeeze already has two patches from upstream Git and > going to 0.1.10 would only add two more minor ones ([2] and [3]) with > [3] being even unused in the final binary. This may be an option, but I'd like to see a final debdiff between the 0.1.10 package that gets uploaded to unstable and the current squeeze package before we make a final decision. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1303746861.3323.5698.ca...@hathi.jungle.funky-badger.org