Hi, On Wed, 2009-11-11 at 10:59 +0100, Julien BLACHE wrote: > I've prepared an update of mt-daapd for oldstable, addressing #555231 > (two CVEs in prototype.js). Changelog: > > mt-daapd (0.2.4+r1376-1.1+etch3) oldstable; urgency=low > . > * debian/rules, debian/prototype-1.6.1.js: > + Ship an updated copy of the prototype library, fixing a number > of issues including CVE-2007-2383 and CVE-2008-7720 (closes: #555231).
How big is the diff from prototype 1.4.0 (as used in the current package) to 1.6.1? The bug report mentions that patches fixing the two CVEs are available, although I wasn't entirely clear as to whether they apply to 1.4.0 or not. The bug log also mentions that you were planning to upload a fixed package to oldstable-security; is that no longer the case? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
