[tryton-debian] Security fix for safe_eval in Tryton server

[Raphael Hertzog]

Hi,

On Tue, 30 Sep 2014, Mathias Behrle wrote:
> > BTW, what's the status for squeeze? The version there is even older but
> > as we officially support LTS, it would be nice if you could provide me an
> > update for that version too (in case it also applies).
> 
> As written in my original mail I didn't plan an upload for oldstable.
> 
> First because I really don't expect any user to run Tryton 1.6 any more. Second
> it would be a stripped down version of the patches (only the one for safe_eval),
> because ast is new in Python 2.6 (and squeeze has 2.5).

That's fine.

> If you estimate nevertheless, that the package should be done, I will provide
> it.

Yes, please. I agree with you that probably nobody is using it but if it's
not too much work, I believe it's good to live up to our new LTS promise.

The only alternative solution is to mark the package as unsupported in
that release (via debian-security-support) and I'd rather avoid that.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/