I've updated the bug tasks. The main one is now "Fix released" as Jaunty has the new version with the security fix, and I've added a task for Intrepid and one for Hardy as they both have the same affected version. I guess the revision for Intrepid can also be uploaded to Hardy, as the only difference between both right now is that Intrepid has a new revision adding a debian/watch file.
Vincenzo: Please don't modify the latest changelog entry, but add a new one («dch -i -D intrepid-security») with a version number according to point 4. in https://wiki.ubuntu.com/SecurityUpdateProcedures, which in this case would be 1.2.4-1ubuntu0.8.10. However, as Jaunty has version 1.2.4-1, which is lower than 1.2.4-1ubuntu0.8.10 («dpkg --compare- versions 1.2.4-1 gt 1.2.4-1ubuntu0.8.10; echo $?»), I think in this case 1.2.4-0ubuntu0.8.10 should be used. [I have not worked with security updates before, please correct me if I'm wrong]. -- CVE-2008-4796: missing input sanitising https://bugs.launchpad.net/bugs/292923 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs