Comment 1 for bug 992618

Tyler Hicks (tyhicks) wrote :

Hi Julian - Thanks for the debdiffs! I've reviewed them and have compiled some feedback...

Debdiff review:

* New package versions are wrong. For example, the Oneiric version should be
  '0.14.1-1ubuntu2'. Please see the version examples at:
  https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

* Being picky, if I reference the patch origin's URL in the patch tags, I
  typically don't reference the URL in the changelog, too. This matches the
  changelog template at the link above.

* As an FYI, when we receive a merge request for security sponsoring, we
  generate a debdiff using the latest source package (possibly from the
  -security or -updates pockets) and proceed to use the debdiff from there. So,
  we generally prefer to get debdiffs from the start, but that isn't
  documented. I wanted to mention it in case it is easier on you to provide a
  debdiff.

Patch backport review:

* The backported CVE-2012-2085.patch in all three releases is missing the
  gajim.thread_interface(p.wait) call in the else block of exec_command().

* The natty and lucid debdiffs seem to have a missing "jid_tuple = (jid_id,)"
  in the else block of CVE-2012-2086.patch in chunk @ 654.

Additionally, please comment on the level of testing you've done with these patches applied. Thanks!