Hi Pierre,

On Sun, Jun 05, 2016 at 01:34:53PM +0200, Pierre Schweitzer wrote:
> Dear all,
> 
> The CVE 2016-4414 was identified earlier in Quassel, which allows an
> unauthenticated remote DoS in quassel-core. Its associated bug report in
> Debian BTS is: #826402.
> Please find attached a debdiff & dsc that address the backport for
> fixing the vulnerability in Jessie.
> Please, note that due 'compilation' issues (Quassel build for jessie
> isn't C++11 ready), I removed cosmetic change from the cherrypicked
> commit (return 0 -> return nullptr) and only kept functional changes.
> Would you be able to sponsor the upload, as I can't?
> Thanks for your help.

Thanks for preparing the update. As the issue is 'no-dsa', you first
need to get an ack from the stable release managers. There is
documentation here, hope it helps:

https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable

Hope then someone of the maintainers of src:quassel can sponsor your
upload (preferred), if not please let me know.

Regards and thanks!
Salvatore

_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

Reply via email to