On Mon, 2015-01-12 at 09:52 +0100, Stephen Kitt wrote: > Le 12/01/2015 08:15, Adam D. Barratt a écrit : > > On Mon, 2015-01-12 at 06:47 +0100, Stephen Kitt wrote: > >> binutils was recently updated in wheezy-security and wheezy-p-u to fix > >> a number of security issues identified in DSA-3123-1; of these, a > >> number concern binutils-mingw-w64 as well, so it would be great if it > >> could be rebuilt in those suites... (It will pick up the patches from > >> binutils-source.) > > > > We won't schedule binNMUs in -security for packages that DSAs haven't > > been issued for, at least not without the security team's request / > > agreement - it's just going to confuse everyone. > > Right, I should have mentioned that Michael Gilbert suggested I file > this after I asked what I should do about the DSA. I've asked the > security team to confirm this request.
Okay, thanks for the explanation. We'll hold off until that's confirmed. > >> nmu binutils-mingw-w64_2 . ALL . -m "Rebuild for DSA-3123-1 > >> (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737, CVE-2014-8738)." > > > > For suites other than unstable, the suite name needs to be specified in > > the call (the above will simply fail, as wanna-build won't find the > > specified version in unstable). > > Indeed, sorry about that: > > nmu binutils-mingw-w64_2 . ALL . wheezy-proposed-updates . -m "Rebuild > for DSA-3123-1 (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737, > CVE-2014-8738)." > nmu binutils-mingw-w64_2 . ALL . wheezy-security . -m "Rebuild for > DSA-3123-1 (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737, > CVE-2014-8738)." fwiw we won't do both of those. If the package is binNMUed in -security then the packages will get copied from there to p-u, as they do for source uploads. Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
