¡Hola Moritz! El 2018-05-03 a las 23:18 +0200, Maximiliano Curia escribió:
¡Hola Moritz!
El 2018-05-03 a las 22:56 +0200, Moritz Muehlenhoff escribió:On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Curia wrote:Hi,
Following up the upstream announcement of a security flaw in kwallet-pam [1] I would like to upload the upstream fixes to stretch. All the versions prior the (not yet released) 5.12.6 are affected by this. The fix was backported by upstream to plasma 5.8, which is what we shipped in stretch.
The latest 5.8 upstream version (5.8.9), only has a version bump, and a minor translation update, which are not relevant. [2]
I have already uploaded the fixes to unstable.
I'm attaching the corresponding debdiff.
Looks good. Please build with -sa since kwallet-pam is new in stretch-security and upload to security-master. I'll take care of the DSA.
Uploaded, thanks for taking care of this!
If you the patched versions are still not published, please don't publish them, there are a couple of reported regressions with the patches as is.
https://bugs.kde.org/show_bug.cgi?id=393856 https://bugs.debian.org/897687 https://bugs.launchpad.net/ubuntu/+source/kwallet-pam/+bug/1769187 https://bugs.archlinux.org/task/58446?project=1&string=kwallet-pam I'm really sorry about this. Happy hacking, -- "The sooner you start to code, the longer the program will take." -- Roy Carlson Saludos /\/\ /\ >< `/
signature.asc
Description: PGP signature
