Hi Joachim, > Raphael Hertzog wrote on 2015-04-10 21:33: > > > If that workflow is a burden to you, feel free to just prepare an > > updated source package and send it to debian-lts@lists.debian.org > > (via a debdiff, or with an URL pointing to the the source package, > > or even with a pointer to your packaging repository), and the members > > of the LTS team will take care of the rest. Indicate clearly whether you > > have tested the updated package or not. > > I would be very pleased, if someone of the LTS team could sponsor > my both packages: > > for squeeze-security: chrony 1.24-3+squeeze2 > see here: http://www.joonet.de/sources/chrony/squeeze-security/ > Both architectures were produced with pbuilder in a clean environment. > The deb files were not tested! > > for wheezy-security: chrony 1.24-3.1+deb7u3 > see here: http://www.joonet.de/sources/chrony/wheezy-security/ > Both architectures were produced with pbuilder in a clean environment. > The deb file for amd64 were tested, but not for i386. > > For your information: > In the "debian" directory I have added a directory "applied" with > all applied patches to the sources, because both packages still > have source format 1.0. Only the three patches 11, 12, 13 are > new. > > Changes since the last uploads: > > * With the following security bugfixes (See: #782160): > - Fix CVE-2015-1853: Protect authenticated symmetric NTP > associations against DoS attacks. > - Fix CVE-2015-1821: Fix access configuration with subnet > size indivisible by 4. > - Fix CVE-2015-1822: Fix initialization of reply slots for > authenticated commands.
The wheezy update looks good, though in the future I'd avoid adding unnecessary changes to the package (the debian/applied/ directory in this case) since it makes reviewing the update harder. Anyway, thanks for preparing the updated packages, I'll take care of the wheezy DSA in a bit. Cheers
signature.asc
Description: Digital signature
