Control: tag -1 confirmed On Fri, Aug 18, 2017 at 11:35:09AM +0200, Mattias Ellert wrote: > fre 2017-08-18 klockan 08:46 +0100 skrev Adam D. Barratt: > > On 2017-08-18 8:01, Mattias Ellert wrote: > > > tor 2017-08-17 klockan 21:59 +0100 skrev Adam D. Barratt: > > > > On Thu, 2017-08-17 at 20:22 +0200, Martin Zobel-Helas wrote: > > > > > Hi, > > > > > > > > > > On Thu Aug 17, 2017 at 16:38:36 +0200, Mattias Ellert wrote: > > > > > > > > [...] > > > > > > +gsoap (2.8.35-4+deb9u1) stretch; urgency=medium > > > > > > + > > > > > > + * Fix for CVE-2017-9765 (Closes: xxxx) > > > > [...] > > > > Is there actually a Debian bug for the issue? I couldn't find one.
I've been trying to unpick exactly whether this issue is fixed in unstable or not. I can only assume so since the security tracker claims it so (https://security-tracker.debian.org/tracker/CVE-2017-9765) but your changelog for 2.8.49-1 doesn't mention the CVE. I presume the CVE wasn't yet public before you fixed it? This is why a tracking bug against the package, even after the event, is helpful when someone who has no other connection with the package gets a request to look into it. (Incidentally the fixed versions on #859932 confused me until I realised that you're including previous uploads in your changes every time you upload. You really needn't do that, it just ends up generating lies in the version tracking.) > diff -Nru gsoap-2.8.35/debian/changelog gsoap-2.8.35/debian/changelog > --- gsoap-2.8.35/debian/changelog 2016-12-06 09:32:36.000000000 +0100 > +++ gsoap-2.8.35/debian/changelog 2017-08-16 11:58:11.000000000 +0200 > @@ -1,3 +1,9 @@ > +gsoap (2.8.35-4+deb9u1) stretch; urgency=medium > + > + * Fix for CVE-2017-9765 > + > + -- Mattias Ellert <mattias.ell...@physics.uu.se> Wed, 16 Aug 2017 11:58:11 > +0200 Please go ahead, but a little more detail in your changelog (what is CVE-2017-9765 and what changed to fix it?) is always appreciated. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51