Hi Salvatore, I'll get the wheezy-security package built and tested and send an update as soon as it's done.
regards, Lars Tangvald ----- Original Message ----- From: car...@debian.org To: robie.ba...@ubuntu.com Cc: 811...@bugs.debian.org, t...@security.debian.org Sent: Thursday, January 21, 2016 8:15:30 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna Subject: [debian-mysql] Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU Hi Robie, On Thu, Jan 21, 2016 at 09:46:13AM +0000, Robie Basak wrote: > Dear Security Team, > > You have asked us to be prompt with helping to prepare security updates > for you, and we have done so. We have kept the bug updated like you > asked us last time. The sources are tested and ready. We notified the > bug as requested, but haven't heard from you. Please let us know how you > want to coordinate uploading this. Thanks for preparing an update. We usually would see a debdiff from the resulting built package (in case of a new upstream import this can get big, so some autogenerated files can be filtered out). We have collected important information for us in advisory preparation in https://wiki.debian.org/DebianSecurity/AdvisoryCreation especially relevant from the developers point of view preparing the update https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecurityDev . The changelog itself looks good to me from a quick skim trough. It addresses all the information we would like to have seen there (CVE references, bug fixed, reference to Oracle CPU). Thank you. Important question first: What is the status for the wheezy-security package for those issues? Plase make sure for the following: Once you have both, built the jessie-security one with -sa to include the original orig.tar.gz and the wheezy-security one explicitly without -sa to not include the orig source tarball. Then we need a bit of coordination for the upload order, since mysql-5.5 is a special case with same source orig.tar.gz for both wheezy and jessie. Someone of your team with GPG key in the DD keyring might then upload first the jessie-security one to security-master, and after it gets accepted there, upload the wheezy-security one. Regards, Salvatore _______________________________________________ pkg-mysql-maint mailing list pkg-mysql-ma...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint
