On Sat, 2010-02-06 at 22:15 -0500, Jay Berkenbilt wrote: > The current xerces-c2 package, 2.8.0+deb1-2, contains a patch supplied > by upstream to address CVE-2009-1885. The security team has deemed that > this is not important enough for a DSA, and I agree. From Giuseppe > Iuculano: [...] > As it happens, the patch from 2.8.0+deb1-2 applies perfectly to the > version in stable, so preparing an update to stable is trivial. With > the permission of the release team, I will prepare the upload. I'm not > sure what the best way to do this is. I can either prepare an upload to > stable or I can supply a patch that can be applied to the version of the > package in stable. I don't presently have a stable chroot to build in, > though I can obviously make one to prepare the package if it would help.
Please prepare an update (built against stable, either on a stable system or in a chroot), and send a debdiff against the current stable package to debian-release for upload approval. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
