fre 2017-08-18 klockan 13:08 +0200 skrev Martin Zobel-Helas: > Hi, > > On Fri Aug 18, 2017 at 11:35:21 +0200, Mattias Ellert wrote: > > tor 2017-08-17 klockan 20:21 +0200 skrev Martin Zobel-Helas: > > > Hi, > > > > > > On Thu Aug 17, 2017 at 16:38:30 +0200, Mattias Ellert wrote: > > > > Package: release.debian.org > > > > Severity: normal > > > > Tags: jessie > > > > User: release.debian....@packages.debian.org > > > > Usertags: pu > > > > > > > > This is a proposal to fix CVE-2017-9765 in jessie. > > > > debdiff is attached. > > > > > > > > Mattias Ellert > > > > diff -Nru gsoap-2.8.17/debian/changelog gsoap-2.8.17/debian/changelog > > > > --- gsoap-2.8.17/debian/changelog 2014-07-11 13:45:59.000000000 > > > > +0200 > > > > +++ gsoap-2.8.17/debian/changelog 2017-08-16 11:30:40.000000000 > > > > +0200 > > > > @@ -1,3 +1,9 @@ > > > > +gsoap (2.8.17-1+deb8u1) jessie; urgency=medium > > > > + > > > > + * Fix for CVE-2017-9765 (Closes: xxxx) > > > > + > > > > + -- Mattias Ellert <mattias.ell...@physics.uu.se> Wed, 16 Aug 2017 > > > > 11:30:40 +0200 > > > > + > > > > gsoap (2.8.17-1) unstable; urgency=medium > > > > > > once this changelog has a proper Closes line with bug-number this patch > > > looks sane to me. > > > > > > Cheers, > > > Martin > > > (former stable release manager) > > > > > > > Closes statement removed as requested. > > See bug #872441 for the discussion. > > No. You want to open a bug report against your own package, telling > there is a security bug. and you want to refer that on in the closes > statement. >
This contradicts what Adam said in bug #872441:
> If there is no bug filed against gsoap that relates to the issue, then
> there should be no bug closed in the changelog.
Can you resolve your differences?
Mattias
signature.asc
Description: This is a digitally signed message part
