Hi Adam,

Thanks for the quick reply.

On Wed, Mar 25, 2015 at 07:59:06AM +0000, Adam D. Barratt wrote:
> retitle 781141 unblock: dulwich/0.9.7-2
> user release.debian....@packages.debian.org
> usertags 781141 = unblock
> tags 781141 + moreinfo
> thanks
> 
> On 2015-03-25 1:31, Jelmer Vernooij wrote:
> [...]
> >User: release.debian....@packages.debian.org
> >Usertags: pu
> 
> Updates via t-p-u are unblocks; "pu" is intended for stable updates. I
> realise that this apparently isn't clear from the reportbug wording.

I was told to file a bug when I asked on #debian-release about uploading to 
testing-proposed-updates.

> >I'd like to upload a new version of dulwich to testing-proposed-updates.
> >unstable already has a new upstream version (0.9.8) from an upload in
> >November, and has diverged from testing.
> >
> >This upload would fix two serious security bugs:
> >
> >#780958 CVE-2015-0838: buffer overflow in C implementation of pack
> >apply_delta()
> >#780989 CVE-2014-9706: does not prevent to write files in commits with
> >invalid paths to working tree
> 
> +dulwich (0.9.7-3) unstable; urgency=medium
> 
> s/unstable/jessie/ :)

Whoops, fixed :)

> The patches look okay, but according to the BTS metadata both bugs affect
> the package in unstable and are not yet fixed there. If that's correct,
> please fix unstable and then get back to us; if it's not, please fix the
> metadata to indicate where the bugs are fixed.

The upload for unstable is probably stuck in NEW (behind another change that
required NEW processing).

Cheers,

Jelmer
