On Wed, Jun 29, 2005 at 03:56:41PM +0200, Javier Fern?ndez-Sanguino Pe?a wrote: > On Wed, Jun 29, 2005 at 03:13:47PM +0200, Markus Kolb wrote: > > Well, I've written it is for sarge. > > Jeroen van Wolffelaar commented, when he reopened the bugs, that packages > had been mailed to the security team. > > BTW, if you do an analysis of a vulnerability like this CC: the bug report > just in case the maintainer does not follow -security (or open up the bug > report is there isn't one).
Hm, yeah, I missed this thread when preparing a fix (and as far as I know, Bdale isn't subscribed here). Cc'ing the bug definitely would have prevented that. That being said, I failed to find the actual patch/package in the original mail in this thread. Could you please download the fixed packages as referenced in #315115, and (1) check whether they work and not have regressions, and (2) whether there is a difference with the patch prepared by you, and if so, whether that's significant in any way? Please followup to the bug and cc me if you've tested and/or compared the updated packages. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl
