retitle 781141 unblock: dulwich/0.9.7-2
user release.debian....@packages.debian.org
usertags 781141 = unblock
tags 781141 + moreinfo
thanks
On 2015-03-25 1:31, Jelmer Vernooij wrote:
[...]
User: release.debian....@packages.debian.org
Usertags: pu
Updates via t-p-u are unblocks; "pu" is intended for stable updates. I
realise that this apparently isn't clear from the reportbug wording.
Hello,
I'd like to upload a new version of dulwich to
testing-proposed-updates.
unstable already has a new upstream version (0.9.8) from an upload in
November, and has diverged from testing.
This upload would fix two serious security bugs:
#780958 CVE-2015-0838: buffer overflow in C implementation of pack
apply_delta()
#780989 CVE-2014-9706: does not prevent to write files in commits with
invalid paths to working tree
+dulwich (0.9.7-3) unstable; urgency=medium
s/unstable/jessie/ :)
The patches look okay, but according to the BTS metadata both bugs
affect the package in unstable and are not yet fixed there. If that's
correct, please fix unstable and then get back to us; if it's not,
please fix the metadata to indicate where the bugs are fixed.
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/32c28edcd1a1bc5f59c006cb21370...@mowgli.jungle.funky-badger.org
