On Sun, Jul 08, 2012 at 07:15:10PM -0000, Jonathan Wiltshire wrote: > Recently you fixed one or more security problems and as a result you closed > this bug. These problems were not serious enough for a Debian Security > Advisory, so they are now on my radar for fixing in the following suites > through point releases:
> squeeze (6.0.6) - use target "stable" > Please prepare a minimal-changes upload targetting each of these suites, > and submit a debdiff to the Release Team [0] for consideration. They will > offer additional guidance or instruct you to upload your package. Since when do we expect maintainers to spend their time preparing stable release updates for security bugs that are not important enough to have DSAs issued? I find this absurd. If it's worth fixing, it should be fixed through the security process. This particular bug is a buffer overflow in handling of user-provided input to a non-privileged library. Don't expect me to prepare a stable upload for this if it's not important enough to get a DSA. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [email protected] [email protected]
signature.asc
Description: Digital signature

