Am 25.09.20 um 22:24 schrieb Roberto C. Sánchez: > On Fri, Sep 25, 2020 at 10:04:59PM +0200, Markus Koschany wrote: >> Hello Roberto, >> >> Am 25.09.20 um 21:25 schrieb Roberto C. Sánchez: >>> Hello fellow LTS people, >>> >>> I am working on an update for the squid3 package. At this time there >>> are 4 open CVEs, of which 3 have patches that apply with little or no >>> change required. However, the patch for CVE-2020-15049 does not apply >>> at all. >> >> You should have been aware that I have prepared the last update of >> squid3. I have just noticed that the NOTE on the squid entry in >> dla-needed.txt was removed but the last status was that the package >> simply needs more testing. Hence I didn't bother to readd myself but the >> NOTE was self-explaining (in ELTS and LTS). >> > Hmm. The note removal is unfortunate :-/
The NOTE was updated on 31.08. but it seems DLA-2278-3 removed the NOTE on 04.09. and I forgot to readd it again. [...] > So, what is the best way to proceed? I presume based on your above > comment that you have already prepared the packages for upload. Are > those the same packages you referenced in your RFT message on 1st July? > (I had to go hunting through the archive to locate the reference.) > Should I review the backported code? The time I have spent digging > through the Git history should be beneficial in such a review. Yes, I have done the backport already but I wanted to wait for the feedback of a user who reported another parsing issue in #965012. At the moment I believe the current header parsing is correct but I am still investigating why the reported problem exists in the first place. Since I have not received any other reports, it could be a server configuration issue. If I don't find the underlying problem this weekend, I will upload the new update to people.debian.org and send a RFT to debian-lts. I would appreciate testing and feedback from you and other contributors because the package is obviously still used by several users and companies but they don't seem to be subscribed to debian-lts. Regards, Markus
signature.asc
Description: OpenPGP digital signature
