[Pkg-xfce-devel] Bug#437454: Bug#437454: Bug#437454: Bug#437454: fix for Etch still missing

Simon Huggins huggie at earth.li
Wed Oct 10 06:48:09 UTC 2007 

Security team, any news?

On Fri, Aug 24, 2007 at 07:28:28PM +0100, Simon Huggins wrote:
> On Fri, Aug 24, 2007 at 08:10:38PM +0200, Tino Keitel wrote:
> > On Fri, Aug 24, 2007 at 17:11:04 +0100, Simon Huggins wrote:
> > > On Fri, Aug 24, 2007 at 05:19:08PM +0200, Tino Keitel wrote:
> > > > what is the status of this bug regarding Etch? The Etch version is
> > > > affected, too, and the fix should also apply to the Etch version.
> > > I have untested packages for stable at:
> > > http://the.earth.li/~huggie/xfce4-terminal-fix/
> > > If you have an amd64 box you can just install the deb.  Otherwise if you
> > > rebuild it from that .dsc/.diff.gz/.orig.tar.gz on your machine and can
> > > let me know that you can reproduce the bug on the old one but not the
> > > new that would be useful.
> > > I need to test it myself tonight.
> > I can build it myself if I need them, but I don't use xfce4-terminal
> > from Etch. I just wondered why a security related bug that is fixed for
> > nearly 2 weeks in Sid is still not fixed in Etch.
> Because no one has picked this up and looked into it I guess.

> I've tested the packages above in a stable chroot now.

> Debdiff is:
> 	Depends: libatk1.0-0 (>= 1.12.2), libc6 (>= 2.3.5-1),
> 	[-libdbus-1-3,-] {+libdbus-1-3 (>= 0.94),+}

> 	libdbus-1-3 is 1.0.2-1 in stable.

> 	libdbus-glib-1-2 (>= 0.71),
> 	libexo-0.3-0 (>= [-0.3.1.10rc1-1),-] {+0.3.1.12rc2-1),+}

> 	0.3.1.12rc2-1 is current in stable.

> 	libglib2.0-0 (>= 2.12.0), libgtk2.0-0 (>= 2.8.0),
> 	libstartup-notification0 (>= 0.8-1), libvte4 (>= 1:0.12.1),
> 	libx11-6, libxfce4util4 (>= [-4.3.99.1)-] {+4.3.99.2)+}

> 	4.3.99.2 is in stable.

> 	Version: [-0.2.5.6rc1-2-] {+0.2.5.6rc1-2etch1+}

> Security team, the packages above from
> http://the.earth.li/~huggie/xfce4-terminal-fix/
> are confirmed working and hopefully have the right distribution
> (stable-security) and priority (high).

> Can I upload them somewhere?


Simon.

-- 
[ If at first you don't succeed, destroy all evidence that you tried.  ]

More information about the Pkg-xfce-devel mailing list