On 2016-05-16 19:13:28, Brian May wrote:
> Brian May <b...@debian.org> writes:
>
>> Any objections by anybody if I upload Antoine Beaupré's packages to
>> Debian, this Monday morning at Melbourne timezone?
>
> Done.
>
> Next step, the DLA. I went through the changelog and remove entries that
> are already marked as fixed in the security tracker. I think we need to
> mark the following as fixed, does this list look correct and complete?
>
> * CVE-2015-2752: xsa125-4.2.patch
> * CVE-2015-2756: xsa126-qemut.patch
> * CVE-2015-5165: xsa140-backport.patch (no-dsa)
> * CVE-2015-5307: xsa156-4.2.patch
> * CVE-2015-7969: xsa149.patch
> * CVE-2015-7969: xsa151.patch
> * CVE-2015-7970: xsa150-4.1.patch (no-dsa)
> * CVE-2015-7971: xsa152-4.5.patch
> * CVE-2015-7972: xsa153-libxl-4.2.patch (no-dsa, xl)
> * CVE-2015-8104: xsa156-4.2.patch
> * CVE-2015-8339: xsa159.patch
> * CVE-2015-8340: xsa159.patch
> * CVE-2015-8550: xsa155-qemut-qdisk-double-access.patch
> * CVE-2015-8550: xsa155-qemut-xenfb.patch
> * CVE-2015-8550: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
> * CVE-2015-8550: xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
> * CVE-2015-8554: xsa164.patch
> * CVE-2015-8555: xsa165-4.1.patch
> * CVE-2015-8615: xsa169.patch
> * CVE-2016-1570: xsa167-4.4.patch
> * CVE-2016-1571: xsa168.patch
> * CVE-2016-2270: xsa154-4.1.patch
> * CVE-2016-2271: xsa170-4.3.patch
It's hard to tell without redoing the exact same process you did
yourself. :p
I would say just go ahead, and we'll need to do a similar sweep in
data/CVE/list later as well.
I'll mark this on my TODO and will do so tomorrow if no one else steps
up.
A.
--
Religion is like a blind man looking in a black room for a black cat
that isn't there, and finding it.
- Oscar Wilde
