On Tue, 2019-07-09 at 15:28 +0100, Luca Boccassi wrote: > On Wed, 2019-07-03 at 11:38 +0100, Luca Boccassi wrote: > > On Mon, 17 Jun 2019 11:39:13 +0100 Luca Boccassi < > > bl...@debian.org > > > > > > > wrote: > > > On Tue, 9 Apr 2019 15:52:52 +0200 Sylvain Beucler < > > > > > > > b...@beuc.net > > > > > > > > > > wrote: > > > > Package: evolution-ews > > > > Version: 3.30.5-1 > > > > X-Debbugs-CC: > > > > t...@security.debian.org > > > > > > > > > > Severity: grave > > > > Tags: security > > > > > > > > Hi, > > > > > > > > The following vulnerability was published for evolution-ews. > > > > > > > > CVE-2019-3890[0]: > > > > No description was found (try on a search engine) > > > > > > > > If you fix the vulnerability please also make sure to include > > > > the > > > > CVE (Common Vulnerabilities & Exposures) id in your changelog > > > > entry. > > > > For further information see: > > > > > > > > [0] > > > > https://security-tracker.debian.org/tracker/CVE-2019-3890 > > > > > > > > > > > > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3890 > > > > > > > > > > https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 > > > > > > > > > > https://gitlab.gnome.org/GNOME/evolution-ews/issues/36 > > > > > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1678313 > > > > > > > > > > Note: depends on evolution-data-server patch > > > > > > > > Cheers! > > > > Sylvain Beucler / Debian LTS > > > > > > Dear Maintainers, > > > > > > I have backported the required patches and tested them on Buster, > > > > they > > > seem to work fine. > > > > > > I have opened PRs against the 2 repos on Salsa, but they both > > > require > > > > a > > > new debian/buster branch to be created as debian/master has moved > > > on > > > > to > > > new releases: > > > > > > > > > > https://salsa.debian.org/gnome-team/evolution-data-server/merge_requests/1 > > > > > > > > > > https://salsa.debian.org/gnome-team/evolution-ews/merge_requests/2 > > > > > > > > > It would be great if we could have evolution-ews in Buster, as > > > it's > > > > the > > > only way to use exchange/o365 for Debian users. > > > > > > Thanks! > > > > Dear Maintainers, > > > > As things stand, Buster users will have no way to use a GUI email > > client with an Exchange/OWA/O365 email server. They will have to > > stay > > on Stretch and completely skip Buster, or move to a different > > distribution. If they were to upgrade from Stretch to Buster, their > > email accounts would simply disappear from their evolution > > instances, > > without any explanation nor warning. > > > > I'd like to propose to upload the changes mentioned above to > > unstable, > > let them migrate to Bullseye and then upload to buster-backports, > > so > > that users on Buster have at least that path to avoid breaking this > > functionality. This needs to be done before 3.32 moved from > > experimental to unstable of course. > > > > I'd be more than happy to do all of the above work via NMUs. The > > evolution-data-server change is backward compatible and does not > > require a rebuild of reverse dependencies. Are there any objections > > to > > this idea? > > > > Thank you! > > Dear Maintainers, Uploaders and Gnome Team, > > As mentioned in the previous mail, I intend to upload to DELAYED/7 > NMUs > for evolution-data-server and evolution-ews on Friday afternoon (GMT- > ish). I am attaching the debdiffs for both. > > Please let me know if there are any objections. > > If there are no objections and the NMUs are not cancelled and make it > to unstable, and then migrate to bullseye, I then intend to upload > the > equivalent ~bpo binary NMUs to buster-backports. This way, stretch > users that enabled buster-backports before the dist upgrade should > have > an upgrade path that allows them not to lose their inboxes, calendars > and so on. > > Thank you!
Dear Maintainers, Uploaders and Gnome Team, I have now uploaded the above mentioned NMUs to DELAYED/7 as previously mentioned. -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
