[tryton-debian] Security fix for safe_eval in Tryton server
Raphael Hertzog
hertzog at debian.org
Tue Sep 30 22:28:23 UTC 2014
Hi,
On Tue, 30 Sep 2014, Mathias Behrle wrote:
> > BTW, what's the status for squeeze? The version there is even older but
> > as we officially support LTS, it would be nice if you could provide me an
> > update for that version too (in case it also applies).
>
> As written in my original mail I didn't plan an upload for oldstable.
>
> First because I really don't expect any user to run Tryton 1.6 any more. Second
> it would be a stripped down version of the patches (only the one for safe_eval),
> because ast is new in Python 2.6 (and squeeze has 2.5).
That's fine.
> If you estimate nevertheless, that the package should be done, I will provide
> it.
Yes, please. I agree with you that probably nobody is using it but if it's
not too much work, I believe it's good to live up to our new LTS promise.
The only alternative solution is to mark the package as unsupported in
that release (via debian-security-support) and I'd rather avoid that.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
More information about the tryton-debian
mailing list