Re: oldstable: mt-daapd update addressing #555231

"Adam D. Barratt" wrote: Hi, > Thanks for the confirmation. Please go ahead with the upload for > oldstable. Uploaded. Haven't got a message from the queue daemon about it, so hope everything went OK with that... If you don't see the files anywhere, let me know. JB. -- Julien BLACHE | D

Re: oldstable: mt-daapd update addressing #555231

Hi, On Sun, 2009-11-15 at 21:56 +0100, Julien BLACHE wrote: > "Adam D. Barratt" wrote: > > a) that the current embedded copy of prototype is an unmodified version > > from prototype upstream and > > Virtually unmodified, only a harmless change was done to the copy > shipped with mt-daapd. > >

Re: oldstable: mt-daapd update addressing #555231

"Adam D. Barratt" wrote: Hi, > a) that the current embedded copy of prototype is an unmodified version > from prototype upstream and Virtually unmodified, only a harmless change was done to the copy shipped with mt-daapd. Make prototype.js first test for XMLHttprequest object and then

Re: oldstable: mt-daapd update addressing #555231

On Sat, 2009-11-14 at 17:27 +0100, Julien BLACHE wrote: > "Adam D. Barratt" wrote: > > Hi, > > > The bug log also mentions that you were planning to upload a fixed > > package to oldstable-security; is that no longer the case? > > So, in the end, where do we stand with this? Apologies for not

Re: oldstable: mt-daapd update addressing #555231

"Adam D. Barratt" wrote: Hi, > The bug log also mentions that you were planning to upload a fixed > package to oldstable-security; is that no longer the case? So, in the end, where do we stand with this? JB. -- Julien BLACHE - Debian & GNU/Linux Developer - Public key available on

Re: Bug#555231: oldstable: mt-daapd update addressing #555231

"Adam D. Barratt" wrote: Hi, >> > > CVEs are available, although I wasn't entirely clear as to whether they >> > > apply to 1.4.0 or not. >> > >> > My bet is they don't; 1.4.0 is pretty ancient now. >> >> the prototype.js CVEs do apply to 1.4.0. > > For the avoidance of any doubt, I meant whet

Re: oldstable: mt-daapd update addressing #555231

[re-sending with corrected recipient list having realised that #555231 isn't a release.d.o bug] On Wed, 2009-11-11 at 14:35 -0500, Michael Gilbert wrote: > On Wed, 11 Nov 2009 23:02:23 +0100 Julien BLACHE wrote: > > "Adam D. Barratt" wrote: > > > > Hi, > > > > > How big is the diff from prototyp

Re: oldstable: mt-daapd update addressing #555231

On Wed, 11 Nov 2009 23:02:23 +0100 Julien BLACHE wrote: > "Adam D. Barratt" wrote: > > Hi, > > > How big is the diff from prototype 1.4.0 (as used in the current > > package) to 1.6.1? The bug report mentions that patches fixing the two > > Don't know, I haven't even looked. There were other is

Re: oldstable: mt-daapd update addressing #555231

"Adam D. Barratt" wrote: Hi, > How big is the diff from prototype 1.4.0 (as used in the current > package) to 1.6.1? The bug report mentions that patches fixing the two Don't know, I haven't even looked. There were other issues before those two I believe, and they never got fixed. I know that

Re: oldstable: mt-daapd update addressing #555231

Hi, On Wed, 2009-11-11 at 10:59 +0100, Julien BLACHE wrote: > I've prepared an update of mt-daapd for oldstable, addressing #555231 > (two CVEs in prototype.js). Changelog: > > mt-daapd (0.2.4+r1376-1.1+etch3) oldstable; urgency=low > . >* debian/rules, debian/prototype-1.6.1.js: > + S

oldstable: mt-daapd update addressing #555231

Hi, I've prepared an update of mt-daapd for oldstable, addressing #555231 (two CVEs in prototype.js). Changelog: mt-daapd (0.2.4+r1376-1.1+etch3) oldstable; urgency=low . * debian/rules, debian/prototype-1.6.1.js: + Ship an updated copy of the prototype library, fixing a number o