On Sat, Aug 09, 2014 at 06:19:00AM -0400, Michael Gilbert wrote: > package: src:pam > severity: important > version: 1.1.3-7 > tags: security
> Multiple directory traversal issues have been fixed in pam_timestap: > https://security-tracker.debian.org/tracker/CVE-2014-2583 Which according to elsewhere in my mailbox, you've dealt with by uploading a 10-day delayed NMU. This is unacceptable. The NMU process always requires that you send your NMU diff to the BTS for review by the maintainer *first*. When doing a delayed NMU, it's reasonable to send this diff to the BTS at the same time. Here, you have failed to send this NMU diff at all, and the only notification has been an easily-overlooked mail from the ftp-master queue software. Maintainers should not have to go grubbing around in the delayed queue to find out what's been uploaded. The NMUer is responsible for sending the NMU diff to the maintainer. I have removed pam_1.1.3-8.1_amd64.changes from the delayed queue. If you have changes that you would like to see included in this package, please send them to the BTS where they belong. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature