Hi, * Gunnar Wolf <gw...@gwolf.org> [2009-03-13 23:47]: [...] > > This is Debian bug #449544. > > > > Unfortunately the vulnerability described above is not important enough > > to get it fixed via regular security update in Debian oldstable. It does > > not warrant a DSA. > > > > However it would be nice if this could get fixed via a regular point > > update[1]. > > Please contact the release team for this. > > Nico brought this point to our (pkg-perl's) attention - After some > discussion in the pkg-perl IRC channel, we found that the intermediate > releases between the version shipped in Etch (1.30) and the one where > this bug was fixed (1.38) were all reliability-related [1], and appear > to be not too broad. So, even if we could just pick up the required > changeset to make a specific 1.30-2+etch1 upload, it would be better > just to upload 1.38 to Etch instead - Please tell us what to do.
Looking at the changelog it looks indeed like it would be a good idea to ship 1.38. Would that be a problem for the release team? Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp3K8uTsOA55.pgp
Description: PGP signature
