Control: tags -1 confirmed moreinfo Mark Hindley: > Package: release.debian.org > Severity: normal > User: [email protected] > Usertags: unblock > > As the maintainer of apt-cacher I would like to seek pre-approval for an > update > to apt-cacher/1.7.13 in testing to fix a security issue. > > CVE-2017-7443 identified a HTTP splitting security issue (#858739) in > apt-cacher. This was fixed in unstable with upload of version 1.7.15 on 25th > March with no regressions reported since. Targeted updates have already been > made to wheezy and approved for jessie (with upload pending). > > apt-cacher 1.7.13 in testing is still vulnerable. I have packaged > 1.7.13+debu9u1 > with a targeted backport of the fix. I would like to seek pre-approval of > upload > to testing. > > The debdiff against 1.7.13 is: > > Changes at debian/1.7.13 > Modified apt-cacher > [...] > > Thanks, > > Mark > > [...] >
Ack, please go ahead and remove the "moreinfo" tag once the upload has been carried it out. Thanks, ~Niels
