On Mon, Apr 13, 2015 at 09:45:55PM -0400, James McCoy wrote: > On Fri, Apr 10, 2015 at 11:12:36PM +0200, Raphael Hertzog wrote: > > Hello dear maintainer(s), > > > > the Debian LTS team would like to fix the security issues which are > > currently open in the Squeeze version of subversion: > > https://security-tracker.debian.org/tracker/CVE-2015-0248 > > https://security-tracker.debian.org/tracker/CVE-2015-0251 > > (there are other lower severity issues affecting squeeze that could be > > fixed too: > > https://security-tracker.debian.org/tracker/source-package/subversion ) > > > > Would you like to take care of this yourself? We are still understaffed so > > any help is always highly appreciated. > > > > If yes, please follow the workflow we have defined here: > > http://wiki.debian.org/LTS/Development > > I started looking at what was needed to adapt the upstream patches for a > Wheezy upload and it wasn't straight forward enough for me to finish at > the time. However, the changes should be similar for Squeeze and Wheezy > since they're both in the 1.6 series, so finishing the Wheezy-targeted > changes should be easily applicable to Squeeze.
wheezy-security upload happened today and, as expected, the patches apply pretty cleanly to the Squeeze version. I synced all the relevant CVE fixes from the wheezy package back to the squeeze package. I'm still going through build and test, but I should have something ready in the next day or two. Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
signature.asc
Description: Digital signature
