Hey,

> It *will* need to be adjusted. You can't re-upload with a version number 
that's already been used.

I didn't found the rule for the versionnumbers for pu, that's why I havn't 
touched them yet [0].

> Is this actually, as requested, a debdiff of the proposed package, or
> simply the result of comparing the current unstable/testing package
> against stable?

As the version in testing and stable only differ in exactly the fix for this 
CVE, the proposed packages for stretch and the packages in testing are in this 
case the same.

As you look at the debdiffs, it only adds one patch from upstream to fix this 
issue and adds a new entry in debian/changelog. Nothing that could be stripped 
out from the debdiff to fix the CVE.

Sorry for not making it clear enough in first mail, but it is the first time I 
request a pu.

Regards,

sandro

[0] 
https://www.debian.org/doc/manuals/developers-reference/ch05.html#upload-stable

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to