¡Hola Moritz! El 2018-05-09 a las 20:28 +0200, Moritz Mühlenhoff escribió:
On Fri, May 04, 2018 at 09:10:47PM +0200, Maximiliano Curia wrote:¡Hola Moritz!
El 2018-05-03 a las 23:18 +0200, Maximiliano Curia escribió:¡Hola Moritz!
El 2018-05-03 a las 22:56 +0200, Moritz Muehlenhoff escribió:On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Curia wrote:Hi,
Following up the upstream announcement of a security flaw in kwallet-pam [1] I would like to upload the upstream fixes to stretch. All the versions prior the (not yet released) 5.12.6 are affected by this. The fix was backported by upstream to plasma 5.8, which is what we shipped in stretch.
The latest 5.8 upstream version (5.8.9), only has a version bump, and a minor translation update, which are not relevant. [2]
I have already uploaded the fixes to unstable.
I'm attaching the corresponding debdiff.
Looks good. Please build with -sa since kwallet-pam is new in stretch-security and upload to security-master. I'll take care of the DSA.
Uploaded, thanks for taking care of this!
If you the patched versions are still not published, please don't publish them, there are a couple of reported regressions with the patches as is.
https://bugs.kde.org/show_bug.cgi?id=393856
https://bugs.debian.org/897687
https://bugs.launchpad.net/ubuntu/+source/kwallet-pam/+bug/1769187
https://bugs.archlinux.org/task/58446?project=1&string=kwallet-pam
I'm really sorry about this.
Is the stderr fix all that was needed in addition? If so, can you upload a revised package?
Reuploaded, I used the same version, let me know if you prefer/need a version bump. Thanks for working on this. Happy hacking, -- Se necesitan voluntarios para dominar el mundo. Saludos /\/\ /\ >< `/
signature.asc
Description: PGP signature
