Hi Salvatore,

Thanks for your answer.

For the record, I created the bug report #826429 for the stable upload.


Le 05/06/2016 14:49, Salvatore Bonaccorso a écrit :
> Hi Pierre,
> On Sun, Jun 05, 2016 at 01:34:53PM +0200, Pierre Schweitzer wrote:
>> Dear all,
>> The CVE 2016-4414 was identified earlier in Quassel, which allows an
>> unauthenticated remote DoS in quassel-core. Its associated bug report in
>> Debian BTS is: #826402.
>> Please find attached a debdiff & dsc that address the backport for
>> fixing the vulnerability in Jessie.
>> Please, note that due 'compilation' issues (Quassel build for jessie
>> isn't C++11 ready), I removed cosmetic change from the cherrypicked
>> commit (return 0 -> return nullptr) and only kept functional changes.
>> Would you be able to sponsor the upload, as I can't?
>> Thanks for your help.
> Thanks for preparing the update. As the issue is 'no-dsa', you first
> need to get an ack from the stable release managers. There is
> documentation here, hope it helps:
> https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable
> Hope then someone of the maintainers of src:quassel can sponsor your
> upload (preferred), if not please let me know.
> Regards and thanks!
> Salvatore

Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.

Attachment: signature.asc
Description: OpenPGP digital signature

pkg-kde-extras mailing list

Reply via email to