Hi Pierre, Thanks for you quick reply, really appreciated.
On Sun, Dec 27, 2015 at 10:55:28AM +0100, Pierre Schweitzer wrote: > Hi Salvatore, > > On 27/12/2015 09:09, Salvatore Bonaccorso wrote: > > Hi Pierre, > > > > On Mon, Dec 14, 2015 at 10:28:26PM +0100, Pierre Schweitzer wrote: > >> Dear all, > >> > >> After having asked for a CVE[0] for this Quassel issue [1], I've > >> uploaded you (attached) a debdiff & dsc to the bug report for an upload. > >> Would you be able to sponsor the upload, as I can't? > >> Or perhaps the maintainers are available for the upload? > > > > Can you help me evaluating the issue, since I'm not a quassel user > > myself: From a quick search and a bit of testing with a > > quassel-client/quassel-core setup, am I right that > > > > a/ multi-user setups with quassel-core are non-default and not > > so frequent? > > It's hard to say. However, there are no well-known Quassel providers (as > you would have for ZNC/BNC). > > > b/ This issue can (only) be triggered by a client connected to a > > quassel core? > > Yes. I think this then can be fixed via a Jessie point release, which is around the corner. Can you contact the SRM to have it scheduled via jessie-pu? Cf. https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable You can add me to Cc when you fill the bug against release.debian.org, if you then need a sponsor after the ack of the stable release managers. (n.b.: the targetting distribution needs to be changed to jessie in the debdiff in this case). Regards, Salvatore