On Fri, Feb 03, 2017 at 10:07:55AM +0100, Sebastiaan Couwenberg wrote:
> Dear LTS Team,
>
> Vincent Privat of the JOSM development team has provided a fix for
> CVE-2017-5617 (#853134).
>
> I've included a patch with his changes in the Debian package, and
> uploaded it to unstable, and backported the patch for the jessie &
> wheezy packages.
>
> Affected versions:
>
> * jessie: 0~svn95-1
> * wheezy: 0~svn95-1
>
> Fixed versions:
>
> * jessie: 0~svn95-1+deb8u1
> * wheezy: 0~svn95-1+deb7u1
>
> Are these changes OK for upload to security-master?

Thanks for looking into this! Looks good from the LTS point of view
(wheezy-security)! Feel free to upload.

Since you did not cc the security team (secur...@debian.org) for
jessie-security I assume you sent a separate mail?

Do you want to send the DLA as well or should I handle it?

Note that you can only upload the orig.tar.gz once (either for
wheezy-security or jessie-security) since both use the same upstream
versions.

Cheers,
 -- Guido