"Adam D. Barratt" <a...@adam-barratt.org.uk> writes: > Control: tags -1 + moreinfo > Control: severity -1 normal > > On Sat, 2016-10-22 at 13:10 -0500, Rob Browning wrote: >> I'd like to propose an update for jessie as described by the attached >> debdiff. Though the final upload/diff might be slightly different >> (i.e. the dpm hashes). >> >> Both of the changes (patches) have been cherry-picked from upstream as >> described in the patch headers. > > The security tracker indicates that both issues - CVE-2016-8605 and > CVE-2016-8606 - still affect the guile-2.0 packages in unstable. Is that > correct? If so then that would be a prerequisite to applying the fixes > in stable.
Hmm, well I'm also preparing 2.0.13+1-1 packages for unstable that include (upstream) both fixes. Should I upload those first? Thanks -- Rob Browning rlb @defaultvalue.org and @debian.org GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
