Hi, I'm tring to fix this RC bug: https://security-tracker.debian.org/tracker/CVE-2014-0350 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746637
The history of the Git repository on Alioth do not contain the actual version found in testing. The package was probably built outside the VCS and someone forgot to update the repository. And new versions was added later (uploaded to experimental). I do not want to blame anyone. I want just fix this. Rewriting the git history using git rebase can be an option ? (by setting denyNonFastForwards to false temporaly on Alioth) If not, which are the other options ? I can resolve the bug without the VCS but I prefer a sane basis. Regards, xakz ======== Some detail about the package: http://anonscm.debian.org/cgit/collab-maint/poco.git https://packages.qa.debian.org/p/poco.html Version in squeeze: 1.3.6p1-1+b1 Version in wheezy, jessie, sid: 1.3.6p1-4 tags in the repository: 19:57 xakz@hermes ~/devel/debian/packages/poco/git % git tag debian/1.3.5-1 debian/1.3.6-1 debian/1.3.6p1-1 debian/1.3.6p2-1 debian/1.4.2p1-1 debian/1.4.2p1-10 debian/1.4.2p1-1_real debian/1.4.2p1-2 debian/1.4.2p1-2_real debian/1.4.2p1-3 debian/1.4.2p1-4 debian/1.4.2p1-5 debian/1.4.2p1-6 debian/1.4.2p1-7 debian/1.4.2p1-8 debian/1.4.2p1-9 debian/1.4.3p1-1 debian/1.4.6-1 debian/1.4.6p1-1 upstream/1.3.5 upstream/1.3.6 upstream/1.3.6p1 upstream/1.3.6p2 upstream/1.4.0 upstream/1.4.1 upstream/1.4.1p1 upstream/1.4.2 upstream/1.4.2p1 upstream/1.4.3p1 upstream/1.4.4 upstream/1.4.5 upstream/1.4.6 upstream/1.4.6p1 No tag for debian/1.3.6p1-4 found. No entry in debian/changelog for 1.3.6p1-4 -- Maxime Chatelle (xakz) gpg: 5111 3F15 362E 13C6 CCDE 03BE BFBA B6E3 24AE 0C5B -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
