On Mon, Dec 14, 2009 at 07:58:54PM +0100, Kurt Roeckx wrote: > I think you're both not understanding each other. > > As I understand it, Michael is saying that the patch for the > security issue is not applied to the package in Debian and > that upstream has fixed that for the next release. >
That's fine, TJ applied the patch to the 1.3.2 branch, but apparently before tagging 1.3.2c. > As I understand Francesco, there is no need to apply the patch > because it's using the full path of the module and so will > never look into the current directory for the module. > > Yes, and it renders the whole thing secondary. Any release is perfectly good under that respect. A better thing will be patching to use the system library instead of the local one to avoid possible future problems. This is in my roadmap but it is completely independent on the current problem. -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
