On Mon, Dec 19, 2011 at 11:19:03PM +0000, Adam D. Barratt wrote: > On Mon, 2011-12-19 at 22:51 +0000, Dominic Hargreaves wrote: > > On Mon, Dec 19, 2011 at 12:58:35PM +0000, Adam D. Barratt wrote: > > > On 19.12.2011 11:30, Dominic Hargreaves wrote: > > > >The security team has asked that we fix a couple of no-dsa issues in > > > >the next squeeze point release. This bug > > > >(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604902) was also > > > >queued for a point release update. > [...] > > > The patch looks like it would be okay; thanks. However, in order to > > > approve the upload for a point release, we'd need to see full > > > debdiffs for the proposed package which would be uploaded. > > > > Current debdiff (without finalised changelog) attached. > > Thanks. Overall the diff looks fine, although the first two of these: > > + * [SECURITY] CVE-2011-2939: Fix decode_xs n-byte heap-overflow security > + bug in Unicode.xs (Closes: #637376) > + * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new(); > + thanks to Ansgar Burchardt for the notification (Closes: #644108) > + * Unregister signal handler before destroying my_perl; fixes segfault > + (Closes: #604902) > > appear to no longer be marked as fixed in testing and unstable. I'm > guessing this is purely an artefact of the archive + re-open but it > would be good if the BTS versioning could be fixed up to accurately > reflect the state of the bugs.
Thanks, fixed. Will upload to s-p-u soon. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111220110407.gh4...@urchin.earth.li
