[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]
Stanislav Brabec
sbrabec at suse.cz
Fri Aug 14 10:51:59 EDT 2009
Warren Togami wrote:
> So normally the way vendors work when an embargo is known, we prepare
> our packages, and QA test them, to simultaneously release the binary
> packages on the embargo lift day.
>
> Is the patch against 2.5.8 even finalized now?
>
> If 2.5.9 is truly 2.5.8 + that one patch, then could you bless an
> official 2.5.9 tarball now so we can kick off this process internally
> and be ready for embargo lift day?
Thanks I am now re-submitting packages with the new patch from Mark
Doliner. They will be pending until the correctness approval.
Is it possible to send finalized patch to vendor-sec at lst.de? Security
people from distros are probably not subscribed here.
Thanks.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec at suse.cz
Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz/
More information about the Packagers
mailing list