On 2012-07-08 23:28, Steve Langasek wrote:
On Sun, Jul 08, 2012 at 07:15:10PM -0000, Jonathan Wiltshire wrote:
Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.6) - use target "stable"

Please prepare a minimal-changes upload targetting each of these suites, and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

Since when do we expect maintainers to spend their time preparing stable release updates for security bugs that are not important enough to have DSAs issued? I find this absurd. If it's worth fixing, it should be fixed
through the security process.

This particular bug is a buffer overflow in handling of user-provided input to a non-privileged library. Don't expect me to prepare a stable upload for
this if it's not important enough to get a DSA.

Thanks for the information; tracker updated (and copying [email protected]
for your feedback).

--
Jonathan Wiltshire                                      [email protected]
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51



--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to