Hi, On Sat, July 10, 2010 17:33, Gregory Colpart wrote: > On Mon, May 24, 2010 at 12:08:34PM +0200, Giuseppe Iuculano wrote: >> [...] >> Unfortunately the vulnerability described above is not important enough >> to get it fixed via regular security update in Debian stable. >> It does not warrant a DSA. >> >> However it would be nice if this could get fixed via a regular point >> update[1]. Please contact the release team for this. >> [...] > > I upgrade imp4 package for stable-proposed-updates. > Here is the diff with actual stable package: > http://people.debian.org/~reg/imp4_4-2_4-2lenny2.diff
That diff appears to contain two sets of changes. The first set are for a -lenny1 upload dated August 2009, reverting some changes made in a previous upload and with stable-security in the changlog. However, I can't see any sign of that upload on security.d.o and the changes weren't mentioned in your message. If the changes for the fix for CVE-2010-0463 are those I suspect then they should be ok on their own but it's not entirely obvious from the diff. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/874363d326331f850e86b6895357992c.squir...@adsl.funkybadger.org
