Hi, On Fri Aug 18, 2017 at 11:35:21 +0200, Mattias Ellert wrote: > tor 2017-08-17 klockan 20:21 +0200 skrev Martin Zobel-Helas: > > Hi, > > > > On Thu Aug 17, 2017 at 16:38:30 +0200, Mattias Ellert wrote: > > > Package: release.debian.org > > > Severity: normal > > > Tags: jessie > > > User: release.debian....@packages.debian.org > > > Usertags: pu > > > > > > This is a proposal to fix CVE-2017-9765 in jessie. > > > debdiff is attached. > > > > > > Mattias Ellert > > > diff -Nru gsoap-2.8.17/debian/changelog gsoap-2.8.17/debian/changelog > > > --- gsoap-2.8.17/debian/changelog 2014-07-11 13:45:59.000000000 +0200 > > > +++ gsoap-2.8.17/debian/changelog 2017-08-16 11:30:40.000000000 +0200 > > > @@ -1,3 +1,9 @@ > > > +gsoap (2.8.17-1+deb8u1) jessie; urgency=medium > > > + > > > + * Fix for CVE-2017-9765 (Closes: xxxx) > > > + > > > + -- Mattias Ellert <mattias.ell...@physics.uu.se> Wed, 16 Aug 2017 > > > 11:30:40 +0200 > > > + > > > gsoap (2.8.17-1) unstable; urgency=medium > > > > once this changelog has a proper Closes line with bug-number this patch > > looks sane to me. > > > > Cheers, > > Martin > > (former stable release manager) > > > > Closes statement removed as requested. > See bug #872441 for the discussion.
No. You want to open a bug report against your own package, telling there is a security bug. and you want to refer that on in the closes statement. -- Martin Zobel-Helas <zo...@debian.org> Debian System Administrator Debian & GNU/Linux Developer Debian Listmaster http://about.me/zobel Debian Webmaster GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
