libarchive-tar-perl oldstable update for CVE-2007-4829
Luk Claes
luk at debian.org
Sat Apr 4 13:58:48 UTC 2009
gregor herrmann wrote:
> On Sun, 15 Mar 2009 12:22:37 +0100, Luk Claes wrote:
>
>>>>> This is Debian bug #449544.
> [..]
>>>>> However it would be nice if this could get fixed via a regular point update[1].
>>>> Nico brought this point to our (pkg-perl's) attention - After some
>>>> discussion in the pkg-perl IRC channel, we found that the intermediate
>>>> releases between the version shipped in Etch (1.30) and the one where
>>>> this bug was fixed (1.38) were all reliability-related [1], and appear
>>>> to be not too broad. So, even if we could just pick up the required
>>>> changeset to make a specific 1.30-2+etch1 upload, it would be better
>>>> just to upload 1.38 to Etch instead - Please tell us what to do.
>>> Looking at the changelog it looks indeed like it would be a
>>> good idea to ship 1.38. Would that be a problem for the
>>> release team?
>> It depends on the diff.
>
> Oops, it seems that nobody has picked up that question yet, sorry for
> that.
>
> I'm attaching the diff between 1.30-2 (in oldstable) and 1.38-2 (the
> last version in the archive that got removed later). The diff is
Ok, please upload.
Cheers
Luk
More information about the pkg-perl-maintainers
mailing list