Security update for xml-security-c

[Russ Allbery]

Florian Weimer <fw at deneb.enyo.de> writes:

> It ended up in stable-proposed-updates:
>
>   <http://release.debian.org/proposed-updates/stable.html>
>
> The easiest approach would be to address this through
> stable-proposed-updates instead of stable-security.  If you still want
> to have it in stable-security, you should ask debian-release (with a
> [SRM] subject tag) to reject this, and upload to stable-security with a
> higher version number.

I think that given that there was a CERT advisory, it would be good to do
a regular security update.  The stable release team contacted me about it
and I had them reject it.  I will upload a +lenny2 package in a few
minutes to the right queue.

Sorry about that.  I wonder if the regular ftp-master queue should reject
uploads to stable-security.  I'm guessing I'm not the only person who's
made this mistake.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>