Hi David, Salvatore and Georges,

2014-04-01 20:24 GMT+02:00 Salvatore Bonaccorso <car...@debian.org>:
> Hi,
>
> On Mon, Mar 31, 2014 at 06:38:55PM -0400, David Prévot wrote:
>> Package: shaarli
>> Version: 0.0.41~beta~dfsg2-3
>> Severity: grave
>> Tags: security patch upstream
>> Control: forward -1 https://github.com/sebsauvage/Shaarli/issues/134
>> Control: tag -1 fixed-upstream
>>
>> Hi,
>>
>> A security issue has been fixed a few months ago:
>>
>> https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
>>
>> Thanks in advance for updating the Debian package.
>
> A CVE was assigned for these XSS issues: CVE-2013-7351. Please include
> this reference also in your changelog when fixing the issue.

I have prepared the new package with the fix for the security vulnerability in Shaarli's collab-maint git repo [0].

As I don't have upload rights (I'm a Debian maintainer, Georges did the upload of the previous versions), can one of you take care of uploading the package?

I suppose this would work (see file debian/README.source)

$ git clone ssh://<user>@git.debian.org/git/collab-maint/shaarli.git
$ cd shaarli
$ git checkout -b pristine-tar remotes/origin/pristine-tar
$ git checkout -b upstream remotes/origin/upstream
$ git checkout -b dfsg_clean remotes/origin/dfsg_clean
$ git checkout master

From this point on you should be able to build the package with:

$ git-buildpackage

And then upload it to the archive.

Let me know how I can help further.

Note: I will be out of the country for the next 3 days starting tomorrow 06:30, email response might be delayed.

In case an NMU or other action would be required on your side to fix this security issue, I preemptively approve it.

+Emilien

[0] http://anonscm.debian.org/gitweb/?p=collab-maint/shaarli.git