Comment 4 for bug 287534

I'd like to suggest that for Intrepid, we push 1.2.9 in intrepid-security. It's going to be a real PITA to extract a reduced patch for this issue and 1.2.8 was uploaded very late in the development process, so we haven't undone a lot of testing.

We'll get better upstream support this was and avoid a pile of C hacking that I certainly can't do. Also the changes from 1.2.9 got a lot of review by other users of the package, so I'm reasonable confident it's in good shape. I do know it corrects at least one regression in 1.2.8.