Hi, On Thu, 15 Jan 2015, Nguyen Cong wrote: > Could any one please review it and give me some comments.
I include my comments below but for your next contributions, I would like you to also prepare the small paragraph of explanation that we need to put in the announce that we send to debian-lts-announce. That would save us a little bit of time. > +libevent (1.4.13-stable-1~deb6u1) squeeze-lts; urgency=low The version is not correct, it needs to use "+" instead of "~" because "1.4.13-stable-1~deb6u1" is lower that the current "1.4.13-stable-1" and it would thus not be accepted. We use the tilde when we backport a new upstream version so that the version is lower that the non-backportted version (in jessie/unstable). > + * Non-maintainer upload. It's nice to mention that this is work made in the context of the LTS team so I tend to write "Non-maintaine upload by the Debian LTS team". > + * Fix potential heap overflow in buffer/bufferevent APIs as in > CVE-2014-6272 > + Refer to upstream commit: 7b21c4eabf1f3946d3f63cce1319c490caab8ecf Since we don't have any patch header here, it's nice to include an URL to the upstream patch that we used. Also since there is an associated Debian bug, it's good to add the bug closure so that the BTS knows that the bug has also been fixed in the squeeze branch. I fixed all those small issues and I uploaded the resulting package. Thank you! -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
