On 2019-01-29 11:53, Dirk Eddelbuettel wrote:
This is a follow-up to the discussion in #919324 and subsequent emails
with
Moritz and Salvatore. The two CVEs are genuine and fixed, the issue
however
is no a full-blown denial-of-service etc so Moritz suggested a normal
security upload.
The debdiff is included below, with the distribution changed from
stretch-security to just stretch.
Happy to upload once you give a green light. (System information
remove as I
type this on Ubuntu 18.10 ...)
Apparently it was already uploaded.
patches/updated-upstream-changes | 2699
+++++++++++++++++++++++++++++++++++++++
Aside from being big enough to be non-trivial to review, the filename of
that patch isn't ideal. If there are other upstream changes that need
incorporating in future, are you simply planning on appending to that
patch, rather than having separate patches for specific purposes?
I noticed that your changelog includes a Closes: for this bug. Please
don't do that. Bugs against release.d.o for stable updates get closed by
us once the package is actually in stable (i.e. after a point release
which includes the update has been released); uploading the package is
some way from the end of the process of the fix being available for end
users.
Regards,
Adam
