* Dominic Hargreaves: >> > Okay, then we should release a DSA for it, so that the breakage is >> > more easily blamed on this particular change, and that it's less >> > confusing if we have to issue follow-up DSAs. Perhaps late May or >> > early June would be a convenient release date? >> >> Wasn't the earlier consensus that this only affects Perl scripts, which >> are already insecure? > > I don't think we've seen any discussion of this; could you elaborate?
There was some discussion prior to filing the bug report, sorry. Anyway, we should probably push the fix to lenny and squeeze at this point. (See above for part of my rationale for that.) I can grab 0002-CVE-2011-1487-lc-uc-first-fail-to-taint-the-returned.patch and apply it to squeeze & lenny if you want me to. Are there any other pending changes I should pick up? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org