Hi, On Fri, 2013-05-10 at 04:01 +0000, Debian Queue Viewer wrote: > diff -Nru keystone-2012.1.1/debian/changelog > keystone-2012.1.1/debian/changelog > --- keystone-2012.1.1/debian/changelog 2013-02-19 16:11:56.000000000 > +0000 > +++ keystone-2012.1.1/debian/changelog 2013-05-10 02:19:29.000000000 > +0000 > @@ -1,8 +1,16 @@ > +keystone (2012.1.1-13+wheezy1) wheezy-proposed-updates; urgency=low > + > + * CVE-2013-2059: Keystone tokens not immediately invalidated when user is > + deleted [OSSA 2013-011]. Added backported to Essex patch which I > picked-up > + from Launchpad. Thanks to the Canonical security team (Closes: #707598).
Was this upload discussed with anyone on the release team beforehand? > + -- Thomas Goirand <[email protected]> Fri, 10 May 2013 10:09:14 +0800 > + > keystone (2012.1.1-13) unstable; urgency=high > > * CVE-2013-0282: Ensure EC2 users and tenant are enabled (Closes: #700947). > - * CVE-2013-0280: Information leak and Denial of Service using XML entities > - (Closes: #700948). > + * CVE-2013-1664 & CVE-2013-1665: Information leak and Denial of Service > using > + XML entities (Closes: #700948). Why isn't this change, and the corresponding noise of renaming and modifying the patch content, mentioned in the changelog? Regards, Adam
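
Review bot: the edit to the earlier 2012.1.1-13 stanza, where the CVE-2013-0280 bullet becomes CVE-2013-1664 & CVE-2013-1665, changes an existing changelog entry without any record of it in the new 2012.1.1-13+wheezy1 entry. Add a bullet to the new entry stating that the CVE identifiers for the XML entities fix (Closes: #700948) were corrected, so the changelog accounts for everything the debdiff touches. In the new CVE-2013-2059 bullet, "Added backported to Essex patch which I picked-up from Launchpad" does not name the patch file being added; naming it would let a reader match the changelog line to the rest of the diff. The new entry is also marked urgency=low while it describes a CVE fix and the entry below it uses urgency=high, which is worth a word of justification or a change.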

