Package: release.debian.org Severity: normal Tags: jessie User: [email protected] Usertags: pu
Hi, I have prepared a patch for hexchat_2.10.1-1 in jessie for this issue, https://security-tracker.debian.org/tracker/TEMP-0776609-026A07 It is also referenced in debian bug # 818009. I am the hexchat maintainer and this patch comes from upstream, via the following 2 commits: https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604 https://github.com/hexchat/hexchat/commit/b6fa8574cb8e57db311fff2ada7ede3548617dd3 (The first commit depends on the changes made in the second.) I built the updated package in a jessie pbuilder and tested it in a jessie vm. I can verify that: - hexchat now verifies hostnames when ssl is in use - hexchat appears to behave normally otherwise I spoke with the debian security team and they advised me that they would not issue a DSA for this, and that I should submit it to jessie-proposed-updates instead. Please let me know if you require anything else. Thanks sney -- System Information: Debian Release: 8.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
