Control: tags -1 confirmed moreinfo
Robert Luberda:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
>
> Please approve sysstat 12.0.3, which is upstream bugfix release,
> for uploading to unstable and migrating to testing.
>
> [...]
>
> I uploaded systat 12.0.3-1 to experimental a few days ago with the
> following changelog:
>
> sysstat (12.0.3-1) experimental; urgency=medium
>
> * New upstream stable version:
> + sadf: Fix out of bound reads security issues (CVE-2018-19416 and
> CVE-2018-19517, closes: #914384, #914553);
> + sadf: Fix possible infinite loop;
> + sar: Fortify remap_struct() function to prevent possible crashes on
> reading binary datafiles generated by older versions of sysstat.
> * systat.init.d: revert a change introduced in 11.5.5-1, as it caused
> the start script to fail to execute the command that adds "Linux
> Restart"
> marker into statistics file on systems on which systemd is not used.
> Thanks to Georgios Zarkadas for noticing this (closes: #924864).
> * debian/rules: replace deprecated dh_systemd_start by dh_installsystemd,
> as suggested by lintian; the former command wass ignored by debhelper
> v11,
^^^^
Typo
> what in turn resulted in the `--no-start' option being ignored, and the
> restart markers were incorrectly added during package upgrades.
>
> -- Robert Luberda <rob...@debian.org> Sun, 17 Mar 2019 23:09:46 +0100
>
> The debdiff against buster is attached.
>
> If you think this version would be OK for buster, then I can upload -2
> to unstable, with no other changes, except for Debian changelog entry.
>
> Otherwise please let me know what would you approve, and what I should do:
> - backport patch [3] only (but I don't think this would be safer);
> - backport both patches, i.e. [3], and [4] (but those are the biggest ones);
> - something else.
>
> Regards,
> robert
>
>
> [...]
Please go ahead with 12.0.3-1 for buster and remove the moreinfo tag
when it is ready for unblocks.
Thanks,
~Niels
