On Thu, 2010-10-28 at 18:24 +0200, Moritz Muehlenhoff wrote: > On Wed, Oct 27, 2010 at 11:45:21PM +0200, Ond??ej Surý wrote: > > Hi Moritz and Adam, > > > > I have prepared 5.3.3-3 in the git, but I would like to seek > > debian-release(Adam) advice how to proceed. Adam has unblocked 5.3.3-2 > > (with prolonged delay to 15 days)... btw thanks for that ... so > > should I upload 5.3.3-3 with this fix or wait for 5.3.3-2 to go to > > testing and then upload 5.3.3-3 with urgency=high and request an > > unblock again? > > This issue doesn't seem urgent. I would recommend to let 5.3.3-2 > with the current age-days and followup with the CVE-2010-3710 > after that. > > Maybe this would also allow the PHP maintainers to include a final > fix for 546164?
5.3.3-2 has now migrated to testing. The upstream fix for CVE-2010-3710 looks small and sane enough to be included in a -3 upload. From reading the log for 546164 I'm not sure what the fix would look like, but would be prepared to look at fixing it in squeeze. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1289157646.27850.7049.ca...@hathi.jungle.funky-badger.org
