On 07/04/2019 20:28, Reinhard Tartler wrote: > On 4/4/19 3:38 PM, Moritz Mühlenhoff wrote: >> On Tue, Apr 02, 2019 at 10:40:44PM -0400, Reinhard Tartler wrote: >>> Ah, that's great news. I didn't realize that Moritz backported the >>> security fixes to an earlier upstream version. I managed to locate the >>> git commits but wasn't comfortable with backporting them to version 0.5.2, >>> not all of them applied cleanly and I lacked the confidence to resolve >>> the conflicts. >>> >>> Thanks Moritz for taking care of this! >> >> Yeah, I sent a mail to debian-multimedia@ldo about this, but seems to have >> fallen through the cracks: >> https://lists.debian.org/debian-multimedia/2019/03/msg00081.html > > That's entirely possible, I must have overlooked that email. My apologies. > > >> BTW, I also prepared an MR on salsa for the remaining open security issues >> in src:audiofile, it would be great if anyone in the debian multimedia >> team could merge and upload: >> https://salsa.debian.org/multimedia-team/audiofile/merge_requests/1 > > Seems Sebastian already took care of this and the upload last Friday. :-) > > >>> Given we do have those RC bugs fixed with more targeted patches, I >>> no longer see the urgency to get 0.7.1 into unstable. Would you agree >>> with having 0.7.1 in experimental instead? If so, I'd upload it as >>> 0.7.1-2 to experimental. >> >> experimental should be fine, as it's totally to the freeze process. > > Uploaded 0.7.1-2 to experimental, which is (again) in NEW. Thorsten, > let me know if there are any issues with that upload.
0.7.1-1 is still in NEW targetting unstable, so if -2 gets accepted, -1 will end up in unstable. Thus this needs to be rejected, and then reuploaded (whether as -1 or something else). Cheers, Emilio
