libarchive-tar-perl oldstable update for CVE-2007-4829

Nico Golde debian-release+ml at ngolde.de
Sat Mar 14 14:22:56 UTC 2009


Hi,
* Gunnar Wolf <gwolf at gwolf.org> [2009-03-13 23:47]:
[...] 
> > This is Debian bug #449544.
> > 
> > Unfortunately the vulnerability described above is not important enough
> > to get it fixed via a regular security update in Debian oldstable. It does
> > not warrant a DSA.
> > 
> > However it would be nice if this could get fixed via a regular point update[1].
> > Please contact the release team for this.
> 
> Nico brought this point to our (pkg-perl's) attention - After some
> discussion in the pkg-perl IRC channel, we found that the intermediate
> releases between the version shipped in Etch (1.30) and the one where
> this bug was fixed (1.38) were all reliability-related [1], and appear
> to be not too broad. So, even if we could just pick up the required
> changeset to make a specific 1.30-2+etch1 upload, it would be better
> just to upload 1.38 to Etch instead - Please tell us what to do.

Looking at the changelog it looks indeed like it would be a 
good idea to ship 1.38. Would that be a problem for the 
release team?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.