On Wed, Nov 30, 2016 at 04:05:20PM -0500, Antoine Beaupré wrote:
> +nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high
> + * Non-maintainer upload by the LTS Security Team.
> + * New upstream release to fix CVE-2016-9074
Depending on what is done this should be either 2:3.26.2-0+debu7u1 or
2:3.26.2-1~debu7u1, but 2:3.26.2-1+debu7u1 is higher than 2:3.26.2-1.
The former if you import new orig source on top of the previous
packaging to indicate the new import and have a version which is
before any possible such ones uploaded to unstable (which is even true
in this case because 2:3.26.2-1 is currently in unstable). The later
is often prefered if the package is mostly are build of :3.26.2-1 for
Wheezy. (The later proposed version works obviously as well in the
case of just a new upstream import, but Release team has often as well
done that distinction for the ~debXuY suffix).