Security hole in ack versions 2.00 to 2.11_02.

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

I don't think upstream would be bothered with this.

I created a debdiff by (using a trusty box):
pull-lp-source ack-grep
pull-lp-source ack-grep saucy
debdiff ack-grep_2.04-2.dsc ack-grep_2.12-1.dsc > ack-grep.diff

The attachment "ack-grep.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Ma, thanks for preparing this patch. However, it is too invasive to use. Please reduce the patch to only include the fixes for the security issues that need to be addressed. As mentioned in our FAQ, we do not do wholesale version updates for security issues except for a very small subset of packages: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions

In the current form, NAK.

Thanks

Since there is no debdiff to sponsor at the moment, I am unsubscribing ubuntu-security-sponsors. Please subscribe the group again once a debdiff has been attached. Thanks!