On Fri, 26 Feb 2010 at 11:21:08 +0000, Philipp Kern wrote:
> Post-upload corrections?

I assume Charles refers to this practice: imagine I maintained hello, and
uploaded upstream release 6.6 without initially realising that it contained
a security fix:

    hello (6.6-1) unstable; urgency=low

     * New upstream release.

     -- Simon McVittie <s...@debian.org>  Tue, April 1, 2038 09:00:00 +0000

Then in a later upload, I'd want to correct that:

    hello (6.6-2) unstable; urgency=medium

     * Add patch from upstream to fix build on knetbsd-mipsel and
       knetbsd-toaster (Closes: #666666)
     * Retroactively note CVE number for 6.6-1

     -- Simon McVittie <s...@debian.org>  Wed, April 2, 2038 09:00:00 +0000

    hello (6.6-1) unstable; urgency=low

     * New upstream release.
       - Fixes a buffer overflow in excessively long greetings (CVE-2038-001)

     -- Simon McVittie <s...@debian.org>  Tue, April 1, 2038 09:00:00 +0000

(I conjecture that by 2038, Debian will run on toasters, GNU hello will
be security-sensitive, and we'll still be fixing buffer overflows...)

    S
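An added example, not part of the original message: a small Python check that compares two revisions of a debian/changelog and reports CVE ids that were added to entries for versions already uploaded, as in the 6.6-1 case above. The function names, the placeholder maintainer address and the lenient CVE pattern (so that the message's CVE-2038-001 matches) are assumptions of this example.

```python
import re

# Header line of a debian/changelog entry: "package (version) dists; urgency=..."
HEADER = re.compile(r"^(?P<pkg>\S+) \((?P<ver>[^)]+)\) [^;]+; urgency=\S+")
# Lenient on the sequence-number width so the message's CVE-2038-001 matches.
CVE = re.compile(r"\bCVE-\d{4}-\d+\b")


def cves_by_version(changelog):
    """Map each version in a changelog to the set of CVE ids its entry names."""
    found, current = {}, None
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group("ver")
            found[current] = set()
        elif line.startswith(" -- "):
            current = None          # trailer line closes the entry
        elif current is not None:
            found[current].update(CVE.findall(line))
    return found


def retroactive_cves(old, new):
    """CVE ids added to entries for versions that were already in `old`."""
    before, after = cves_by_version(old), cves_by_version(new)
    return {ver: after[ver] - before[ver]
            for ver in before
            if ver in after and after[ver] - before[ver]}


# Constructed sample input: the two changelog states from the message,
# with a placeholder maintainer address in the trailer lines.
TRAILER = " -- Maintainer <maintainer@example.org>  "
OLD = ("hello (6.6-1) unstable; urgency=low\n\n"
       "  * New upstream release.\n\n"
       + TRAILER + "Tue, April 1, 2038 09:00:00 +0000\n")
NEW = ("hello (6.6-2) unstable; urgency=medium\n\n"
       "  * Add patch from upstream to fix build on knetbsd-mipsel and\n"
       "    knetbsd-toaster (Closes: #666666)\n"
       "  * Retroactively note CVE number for 6.6-1\n\n"
       + TRAILER + "Wed, April 2, 2038 09:00:00 +0000\n\n"
       "hello (6.6-1) unstable; urgency=low\n\n"
       "  * New upstream release.\n"
       "    - Fixes a buffer overflow in excessively long greetings (CVE-2038-001)\n\n"
       + TRAILER + "Tue, April 1, 2038 09:00:00 +0000\n")

if __name__ == "__main__":
    print(retroactive_cves(OLD, NEW))
```

A tool that reads only the newest entry (6.6-2) would see no CVE id at all, which is why the comparison covers every entry the two revisions share.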

