Hi,

On Fri Aug 18, 2017 at 09:01:04 +0200, Mattias Ellert wrote:
> Thu 2017-08-17 at 21:59 +0100, Adam D. Barratt wrote:
> > On Thu, 2017-08-17 at 20:22 +0200, Martin Zobel-Helas wrote:
> > > Hi,
> > >
> > > On Thu Aug 17, 2017 at 16:38:36 +0200, Mattias Ellert wrote:
> > > > [...]
> > > > +gsoap (2.8.35-4+deb9u1) stretch; urgency=medium
> > > > +
> > > > + * Fix for CVE-2017-9765 (Closes: xxxx)
> > > > +
> > > > + -- Mattias Ellert <mattias.ell...@physics.uu.se> Wed, 16 Aug 2017
> > > > 11:58:11 +0200
> > > > +
> > > > gsoap (2.8.35-4) unstable; urgency=medium
> > >
> > > once this changelog has a proper Closes line with bug-number this patch
> > > looks sane to me.
> >
> > Is there actually a Debian bug for the issue? I couldn't find one.
> >
> > Regards,
> >
> > Adam
> >
>
> Hi!
>
> I don't understand the last comment here.
> Of course there is a bug - it is this one.
>
> The reason the debdiff in the request says "Closes: xxxx", is a
> chicken-and-egg problem. You are supposed to attach the debdiff to the
> request, but before you make the request its BTS number does not yet
> exist - so you can't include it in the attachment at creation time.
> After I got the confirmation back with the number I updated the
> changelog with the bug number.

No, this is the bug report for the p-u upload. What the release team is
looking for is a (RC) bug assigned to the package, that describes the
real issue, linking the CVEs, ...

Cheers,
Martin
-- 
Martin Zobel-Helas <zo...@debian.org> Debian System Administrator
Debian & GNU/Linux Developer Debian Listmaster
http://about.me/zobel Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
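
Review bot: The `Closes: xxxx` in the `* Fix for CVE-2017-9765` line of the new changelog entry is still a placeholder, so the entry as posted closes nothing. It should carry the number of a bug filed against the gsoap package that describes the issue and links the CVE, not the number of the stable-update request. The entry would also read better with a short description of what is fixed, since the CVE id alone tells a reader of the changelog nothing about the change.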