On Thu, Jun 16, 2011 at 10:11:09PM +0200, Florian Weimer wrote:
> >> > Okay, then we should release a DSA for it, so that the breakage is
> >> > more easily blamed on this particular change, and that it's less
> >> > confusing if we have to issue follow-up DSAs. Perhaps late May or
> >> > early J
* Dominic Hargreaves:
>> > Okay, then we should release a DSA for it, so that the breakage is
>> > more easily blamed on this particular change, and that it's less
>> > confusing if we have to issue follow-up DSAs. Perhaps late May or
>> > early June would be a convenient release date?
>>
>> Was
On Sun, May 01, 2011 at 10:33:35PM +0200, Moritz Mühlenhoff wrote:
> On Sat, Apr 30, 2011 at 06:26:51PM +0200, Florian Weimer wrote:
> > * Adam D. Barratt:
> >
> > > I do share Florian's concern about the potential breakage as a result of
> > > the change. Do we have any idea how many packages in
On Sat, Apr 30, 2011 at 06:26:51PM +0200, Florian Weimer wrote:
> * Adam D. Barratt:
>
> > I do share Florian's concern about the potential breakage as a result of
> > the change. Do we have any idea how many packages in {old,}stable would
> > be affected and to what degree? Particularly in the
On Sat, Apr 30, 2011 at 06:26:51PM +0200, Florian Weimer wrote:
> * Adam D. Barratt:
>
> > I do share Florian's concern about the potential breakage as a result of
> > the change. Do we have any idea how many packages in {old,}stable would
> > be affected and to what degree?
I don't think we hav
* Adam D. Barratt:
> I do share Florian's concern about the potential breakage as a result of
> the change. Do we have any idea how many packages in {old,}stable would
> be affected and to what degree? Particularly in the case of oldstable,
> with its four month update cycle, fixing packages bro
On Fri, 2011-04-22 at 12:29 +0100, Dominic Hargreaves wrote:
> On Wed, Apr 20, 2011 at 08:52:31AM +0300, Niko Tyni wrote:
>
> > On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote:
> > http://nntp.perl.org/group/perl.perl5.porters/171010
> >
> > I'm therefore downgrading the severity
On Wed, Apr 20, 2011 at 08:52:31AM +0300, Niko Tyni wrote:
> severity 622817 important
> thanks
>
> On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote:
> > * Niko Tyni:
> >
> > > Security team, I assume this is going to be fixed through a DSA?
> >
> > I don't think this is a security
severity 622817 important
thanks
On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote:
> * Niko Tyni:
>
> > Security team, I assume this is going to be fixed through a DSA?
>
> I don't think this is a security bug on its own.
Yes, turns out upstream thinks similarly.
http://nntp.per
* Niko Tyni:
> Security team, I assume this is going to be fixed through a DSA?
I don't think this is a security bug on its own.
> It should be trivial to port this to squeeze and lenny. I'll try to
> prepare the debdiffs on Sunday, but if somebody else wants to do that,
> feel free.
If this bu
On Fri, Apr 15, 2011 at 11:41:02PM +0300, Niko Tyni wrote:
> Please note that the sid fix can't currently be uploaded on its own
> because of a db4.7 related problem (just filed as #622916).
Partly as a reminder to myself: I plan to merge this into experimental
once the upload to sid has been com
On Fri, Apr 15, 2011 at 11:41:02PM +0300, Niko Tyni wrote:
> On Thu, Apr 14, 2011 at 09:45:55PM +0100, Dominic Hargreaves wrote:
> > Package: perl
> > Version: 5.10.1-19
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > CVE description:
> >
> > The (1) lc, (2) l
tag 622817 patch fixed-upstream
forwarded 622817 http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
thanks
On Thu, Apr 14, 2011 at 09:45:55PM +0100, Dominic Hargreaves wrote:
> Package: perl
> Version: 5.10.1-19
> Severity: grave
> Tags: security
> Justification: user security hole
>
> CVE d
Package: perl
Version: 5.10.1-19
Severity: grave
Tags: security
Justification: user security hole
CVE description:
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl
5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11,
do not apply the taint attribute to the retu
14 matches
Mail list logo
