Control: tags -1 + moreinfo
On 2015-11-11 16:39, Sebastian Lohff wrote:
there has been a directory traversal bug in servefile, it was fixed in
version 0.4.4. I talked to the Debian security team and they said a DSA
would not be necessary and recommended doing a stable-pu. Therefore
I'd like to propose an update to 0.4.4 (debdiff attached).
+servefile (0.4.4-1~deb8u1) jessie; urgency=high
+
+ * New upstream version
That's not really a suitable changelog for an upload to unstable,
particularly one that fixes security issues. It's certainly not suitable
for a stable update.
The point of a changelog entry is to explain the purpose of the upload.
In this case it is to fix a security problem and some other (specific,
and enumerated in upstream's changelog) issues, not simply because a new
upstream release is available. Please make the changelog indicate what
has actually changed - see
https://www.debian.org/doc/manuals/developers-reference/ch06.en.html#bpp-changelog-do
, for example.
Regards,
Adam
