Hi Guilhem, On Sat, Apr 21, 2018 at 02:13:54AM +0200, Guilhem Moulin wrote: > On Fri, 20 Apr 2018 at 05:18:36 +0200, Salvatore Bonaccorso wrote: > > Thanks for following up for stretch. First a quick comment. Please > > always CC t...@security.debian.org on such questions for if an update > > is wanted for DSA. This alows team members to better share the load > > for review, release, etc ... (and it's recorded futhermore on the team > > alias). > > Oops, I assumed that the Security Team received all bugs tagged > ‘security’ so I omitted the CC on purpose… my bad.
Unfortunately, or fortunately not (yet), getting all comunication with Tag security set will overwhelm our mailboxes. But as an improvement step we are planning to get initial submissions with security tag set. Until now that happens only if someone uses reportbug to fill the issue, adding a X-Debbugs-CC, but not if one fills wihout reportbug a bug. Cf. #895661. Sorry, got now longer as I want. My only intention was to quickly state that for future cases, so we might distributed workload within the team better. > > > I think we should release this through stretch-security. The debdiff > > per se looks already good. Were you able to test the update in > > production under stretch? > > Yes, I did test the update. Perfect. > > There is though one no-dsa issue, > > https://security-tracker.debian.org/tracker/CVE-2018-1000071 which > > would be good to be included. Could you backport that fix as well and > > send a new debdiff for quick review+ack for upload? > > Sure, new debdiff attached. Looks good to me, please do upload to security-master. Regards, Salvatore