On 2012-07-08 23:28, Steve Langasek wrote:
On Sun, Jul 08, 2012 at 07:15:10PM -0000, Jonathan Wiltshire wrote:
Recently you fixed one or more security problems and as a result you
closed
this bug. These problems were not serious enough for a Debian
Security
Advisory, so they are now on my radar for fixing in the following
suites
through point releases:
squeeze (6.0.6) - use target "stable"
Please prepare a minimal-changes upload targetting each of these
suites,
and submit a debdiff to the Release Team [0] for consideration. They
will
offer additional guidance or instruct you to upload your package.
Since when do we expect maintainers to spend their time preparing
stable
release updates for security bugs that are not important enough to
have DSAs
issued? I find this absurd. If it's worth fixing, it should be
fixed
through the security process.
This particular bug is a buffer overflow in handling of user-provided
input
to a non-privileged library. Don't expect me to prepare a stable
upload for
this if it's not important enough to get a DSA.
Thanks for the information; tracker updated (and copying
[email protected]
for your feedback).
--
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]