On Wed, Sep 05, 2007 at 05:03:25PM -0000, Adna rim wrote:
> So what alternative we have here? Letting a version in the repos which
> you are totally aware that it is vulnerable and my lead to arbitrary
> code execution or spending 5min just to take the updated version of
> 2.4.5.
Agreed; it is a lot of work. That's what makes an upstream easy to work
with or not for doing security updates. You can also check into SRU[1]
but that requires minimal changes too. Perhaps backports[2], once it is
fixed in Gutsy?
On Wed, Sep 05, 2007 at 05:03:25PM -0000, Adna rim wrote:
> So what alternative we have here? Letting a version in the repos which
> you are totally aware that it is vulnerable and my lead to arbitrary
> code execution or spending 5min just to take the updated version of
> 2.4.5.
Agreed; it is a lot of work. That's what makes an upstream easy to work
with or not for doing security updates. You can also check into SRU[1]
but that requires minimal changes too. Perhaps backports[2], once it is
fixed in Gutsy?
[1] https:/ /wiki.ubuntu. com/StableRelea seUpdates /wiki.ubuntu. com/BackportReq uestProcess
[2] https:/