On Fri, Jul 29, 2016 at 13:35:36 +0200, Julien Cristau wrote: > Control: tag -1 confirmed > > On Tue, Jul 26, 2016 at 14:14:41 +0300, Sergei Golovan wrote: > > > Package: release.debian.org > > Severity: normal > > Tags: jessie > > User: release.debian....@packages.debian.org > > Usertags: pu > > > > Hi release team! > > > > I'd like to upload stable update for the YAWS web server which would > > fix #832433 (see [1] for details). It's a vulnerability found in quite > > a few products, YAWS passes the HTTP_PROXY environment variable to its > > CGI scripts and takes the value for it from the Proxy: HTTP header > > (see [2]). > > > > The patch for this bug is taken from upstream. The diff is attached. > > > > diff -Nru yaws-1.98/debian/changelog yaws-1.98/debian/changelog > > --- yaws-1.98/debian/changelog 2014-08-18 08:49:39.000000000 +0400 > > +++ yaws-1.98/debian/changelog 2016-07-26 07:48:48.000000000 +0300 > > @@ -1,3 +1,10 @@ > > +yaws (1.98-4+deb8u1) stable; urgency=low > > We usually prefer "jessie" as distribution in changelog. Either way, > feel free to upload. > Uploaded and marked for acceptance into proposed-updates.
Cheers, Julien
