Your message dated Tue, 15 Mar 2011 13:17:40 +0000
with message-id <[email protected]>
and subject line Re: Bug#617444: clamav: (PRSC) Please backport fix for
CVE-2011-1003
has caused the Debian Bug report #617444,
regarding clamav: (PRSC) Please backport fix for CVE-2011-1003
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
617444: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617444
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clamav
Version: 0.96.5+dfsg-1.1
Severity: important
Tags: squeeze
Usertags: prsc-target-squeeze
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear maintainer,
Recently you fixed one or more security problems as identified in the subject.
These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.1)
Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.
Alternatively, if the suite is not affected by this problem please tell
me and close the bug, and I will update our tracker.
I will happily assist you at any stage if the patch is straightforward and
you need help or lack time. Please keep me in CC at all times so I can
track the progress of this request.
For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].
0: [email protected]
1: <[email protected]>
2: http://deb.li/prsc
Thanks,
with his security hat on:
- --
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJNdsA0AAoJEFOUR53TUkxRscwQAKpCNKH5saP3HgUin17oVa+W
vzaI86JSwleNsLcXKz50s6dxALy6cQX0x3+8/bJks/Z8OWDLGpWXPkvmn9D0SUor
0Pvf6MNNtjh8EN1Ahbth2ywoVlVDxI3YPeU6gdCDduFmyXeBA9rzDgQkzmmUY/uU
FM8E3bbT2i/8S8QOA9QHX4FgwY4wRCxLpope7+ryl7cqX1dq8/7hHsjAotV49+gM
wkWY1qE35AHrUmKefhj2WJ1Qe/wsL1hDKICj0icgQU8riddcSErJTULuv4rKwMee
h2zmYx1yXpd7L0YPUT2k5NYG/raG/w8XIaED/SgYBS63gOvTdLYmq7TiwpdR7DSg
Q8jtZPLsspkpJ40V1XNc6djV59AcfoCPYoFNIHiPFiZ5dETNnOxPxHfJHPw+6Wz7
ObQvNYwb3bPDbXo+3aaYnjO9abBlU82ST2JPD4WC1StI98qVPh3uEa/oJ4jYU0ng
WTibahGFVjcvGho8y+dw5CozRnNlywbqY8Cwwrkb2SWnXAkacAg0XFF5BJPtGN6Q
qbPa+kYJvJbUMQkJ2U7pVs9SDuRQEd03jNlW0hHBRD/innnyWcKFWDL4OwXbdrdA
sOBQDn2UoefJmoWbtjfpSJseVWTRIM6wFMOj7iPilYplcErlOn2NajtygHVsSWhq
w2ntJkeH5xbsgbX5Bvm8
=Qku1
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 0.97+dfsg-2~squeeze1
Hi all,
[...]
> Apologies for not replying sooner; I seem to have missed this when it
> arrived.
>
Sorry for not getting to it earlier, hence we missed the deadline for the first
point release.
> Just to check: as far as I can see the SONAME hasn't changed in the new
> upstream version, which is a good start :-) Are there any other API
> changes which would mean we would need to rebuild any of the
> reverse-dependencies in stable?
>
To the best of my knowledge, there aren't any changes that would affect the
reverse depends. It's all internal bugfixes.
> If not then please go ahead with the upload as 0.97+dfsg-2~squeeze1 -
> assuming that the upload has been tested in that environment of course.
Minimal testing of the squeeze-specific build has been performed; the same
version, although built for lenny-volatile, is being "tested" in production
environments. I'm now uploading to squeeze-updates.
> As Jonathan said, the window for acceptance in to 6.0.1 closes tomorrow
> so it would be good if the upload could be made before the final
> dinstall tomorrow so we can include it in the point release.
>
Sorry for missing that one!
> Note that the versioning for the lenny-volatile upload originally used
> -2~volatile1, which was higher than my request above. As a result that
> version will be adjusted to -2~lenny1 before it is released.
>
Yes, noted that one (and thanks Philipp Kern for fixing it without further
hassle). Future uploads to lenny-volatile will follow these guidelines.
Best regards,
Michael
pgpcf8mUwAtV9.pgp
Description: PGP signature
--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
