On 15 March 2017 at 08:37, Salvatore Bonaccorso wrote: | Hi, | | On Mon, Mar 13, 2017 at 10:12:56PM +0100, Ola Lundqvist wrote: | > Hi Dirk | > | > I had a quick look at this but I stumbled on the version of the package. | > Why 3.1.1-1+deb3.3.3u1 ? | > And not 3.1.1u1 or even better 3.1.1+deb8u1 ? | | For the versioning: jessie currently has 3.1.1-1. By only applying the | patches addressing the CVE, then the version should be 3.1.1-1+deb8u1. | | Cf. https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security-building
Thanks for confirming ... and that is what I pushed last evening, and which got accepted. Shall we 'repeat' for oldstable as 3.1.1-1+deb7u1 or wait til the stable fix has progagated through? (Unstable is fine per a fix in upstream sources.) Dirk -- http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
