Bug#542784: New upstream version available (2.0.0.23)
Mike Hommey
mh at glandium.org
Fri Aug 21 22:05:28 UTC 2009
On Fri, Aug 21, 2009 at 11:52:41PM +0200, Alexander Sack wrote:
> On Fri, Aug 21, 2009 at 11:10:47PM +0200, Moritz Muehlenhoff wrote:
> > On Fri, Aug 21, 2009 at 11:05:22PM +0200, Mike Hommey wrote:
> > > On Fri, Aug 21, 2009 at 11:02:33PM +0200, Moritz Muehlenhoff wrote:
> > > > Mike Hommey wrote:
> > > >
> > > > > > New upstream versions are normal for this kind of stuff in
> > > > > > unstable/testing, so i thought it was not noteworthy.
> > > > > >
> > > > > > Is the security team following that road?
> > > > >
> > > > > The security team is backporting the fixes.
> > > >
> > > > I've been looking into the changes for the last two hours
> > > > and I think I'll have to revert to building an update based
> > > > on a 3.12.4 snapshot.
> > > >
> > > > The changes are massive and very subtle to backport, so I'm
> > > > afraid I might miss something seemimgly harmless, yet crucial.
> > > > I'll give it some more beating, haven't made up my mind yet.
>
> Sounds better. We have nss 3.12.3.1 in ubuntu everywhere for a few
> weeks now.
>
> On top you might want to take https://bugzilla.mozilla.org/show_bug.cgi?id=486537
> for which we will do an individual update next week in ubuntu.
A patch for that is applied in 3.12.3-1 in squeeze already, FWIW, though
the approach is slightly different. See
https://bugzilla.mozilla.org/show_bug.cgi?id=488959
IIRC, lintian helped spot it.
Mike
More information about the pkg-mozilla-maintainers
mailing list