Hi,

On Wed, 27 May 2015, Sven Eckelmann wrote:
> > In any case, I reviewed your debdiff and it looks good. Feel free to
> > proceed with the upload and the release of the DLA to
> > [email protected].
> >
> > If you need sponsorship, please let us know.
>
> Thanks for all the information. I still have a small question:
>
> Is the debian-backports-announce@ mailing list moderated? The DLA announcement
> went to this mailing list 7h ago and I got no feedback. Not for the first
> unsigned mail (sorry about that but the ml should not accept it) and not for
> the one signed with my DM key (PGP/MIME).

Bah, sorry, the good list was obviously [email protected] and not
[email protected].

Assuming you sent your mail to [email protected] (and it looks like so
given the mail you attached), then you can contact listmasters
([email protected] in copy) to find out why the mail did not get through.

Their advice is usually to resend the mail with an inline PGP signature
(i.e. without MIME encoding). Enigmail for instance is known to generate
problematic PGP/MIME... (I use mutt with PGP/MIME without problem that said)

[ I leave the rest of the mail for the benefit of the listmasters ]

> The wiki page says [1] the mailing list is accepting valid signatures with DD
> and DM keys. The mailing list page informs [2] the reader that only DD signed
> messages are accepted. So I am currently unsure how to proceed. But I've
> attached my mail in case someone wants to check if there is anything wrong
> with the PGP/MIME signature.

> Date: Wed, 27 May 2015 13:55:56 +0200
> From: Sven Eckelmann <[email protected]>
> To: [email protected]
> Subject: [DLA 228-1] exactimage security update
> Message-ID: <6824467.bCIuEXgBhs@bentobox>
>
> Package        : exactimage
> Version        : 0.8.1-3+deb6u4
> CVE ID         : CVE-2015-3885
> Debian Bug     : 786785
>
> A vulnerability has been discovered in the ExactImage image manipulation
> programs.
>
> CVE-2015-3885
>
>     Eduardo Castellanos discovered an Integer overflow in the dcraw version
>     included in ExactImage. This vulnerability allows remote attackers to
>     cause a denial of service (crash) via a crafted image.
>
> For the oldoldstable distribution (squeeze), these problems have been fixed in
> version 0.8.1-3+deb6u4.
>
> For the oldstable, stable, and testing distributions, these problems will be
> fixed soon.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
