Hi Joe,

Not a member of the release team here, so not authoritative ;-). So just giving some comments. Btw, thanks for preparing the package!

> diff -Nru libfcgi-2.4.0/debian/changelog libfcgi-2.4.0/debian/changelog > --- libfcgi-2.4.0/debian/changelog 2011-08-20 14:44:38.000000000 -0700 > +++ libfcgi-2.4.0/debian/changelog 2015-02-05 22:19:52.000000000 -0800 > @@ -1,3 +1,11 @@ > +libfcgi (2.4.0-8.2) wheezy-security; urgency=high

The version should be 2.4.0-8.1+deb7u1. 2.4.0-8.2 cannot be used as 2.4.0-8.2 was already in the archive. For the s-t-u, wheezy-security as distribution needs to be changed to wheezy.

> + * Non-maintainer upload. > + * Apply path from Anton Kortunov to swap select with poll to avoid > + stack smashing (See: #681591 and LP: #933417).

Could you please reference as well the CVE in the changelog, and close the bug: you can use "Closes: #681591" to reach this.

> diff -Nru libfcgi-2.4.0/debian/patches/poll libfcgi-2.4.0/debian/patches/poll > --- libfcgi-2.4.0/debian/patches/poll 1969-12-31 16:00:00.000000000 -0800 > +++ libfcgi-2.4.0/debian/patches/poll 2015-02-05 22:18:28.000000000 -0800 > @@ -0,0 +1,81 @@ > +diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c > +index 73e6a7f..af35aee 100755 > +--- a/libfcgi/os_unix.c > ++++ b/libfcgi/os_unix.c > +@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 > 2002/03/05 19:14:49 robs Exp

Not a strict requirement, but it would be nice to add some patch headers to the actual patch, see http://dep.debian.net/deps/dep3/ for the patch tagging guidelines.

Joe, if you get an ack from the release team on your upload for libfcgi I can happily sponsor the upload itself.

Regards,
Salvatore
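
Review bot: in the debian/changelog hunk, the second bullet reads "Apply path from Anton Kortunov"; "path" should be "patch". The same bullet describes the fix only as avoiding "stack smashing"; naming the file the patch touches (libfcgi/os_unix.c, per the debian/patches/poll hunk) would let someone reading the changelog locate the affected code.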
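
Review bot: in the debian/patches/poll hunk, the embedded hunk header "+@@ -42,6 +42,7 @@ static const char rcsid[] = ..." continues on a following line ("2002/03/05 19:14:49 robs Exp") that, as quoted, has no leading "+". If the debdiff itself is wrapped this way, and not only the quoted copy, the outer diff will not apply cleanly; sending the debdiff as an attachment keeps the mail client from re-wrapping it.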