[pkg-horde] imp4 update for CVE-2010-0463 in stable
Adam D. Barratt
adam at adam-barratt.org.uk
Sat Jul 17 19:22:57 UTC 2010
On Sat, 2010-07-10 at 20:24 +0200, Gregory Colpart wrote:
> On Sat, Jul 10, 2010 at 06:09:50PM +0100, Adam D. Barratt wrote:
> >
> > That diff appears to contain two sets of changes.
> >
> > The first set are for a -lenny1 upload dated August 2009, reverting some
> > changes made in a previous upload and with stable-security in the
> > changlog. However, I can't see any sign of that upload on security.d.o and
> > the changes weren't mentioned in your message.
[...]
> There is two diffs:
>
> * Fix errors in last security fix by upstream:
> http://git.debian.org/?p=pkg-horde/imp4.git;a=commitdiff;h=a99ee22b3c53aa7ff537ee1f9fa4dc6d2e28e8e3
>
> * Fix by upstream for CVE-2010-0463:
> http://git.debian.org/?p=pkg-horde/imp4.git;a=commitdiff;h=881658ab0a535d11859086d10f91701a6380998c
It would have been helpful if you'd mentioned both sets of changes in
your first message, and separated them out at that stage. (fwiw, the
first diff would also have been easier to review if it hadn't resulted
in multiple sets of commented out code, but I assume that was the style
used by upstream).
Please go ahead with the upload.
Regards,
Adam
More information about the pkg-horde-hackers
mailing list