Bug#783926: quassel: Incomplete fix for CVE-2013-4422

2015-05-10 Thread Salvatore Bonaccorso
Hi Felix,

On Sun, May 10, 2015 at 08:10:29PM +0200, Felix Geyer wrote:
> Hi,
> 
> On 09.05.2015 07:37, Salvatore Bonaccorso wrote:
> > Hi Felix,
> > 
> > On Fri, May 08, 2015 at 07:11:17PM +0200, Felix Geyer wrote:
> >> Hi,
> >>
> >> On Fri, 01 May 2015 12:45:32 +0200 Salvatore Bonaccorso wrote:
> >>> Source: quassel
> >>> Version: 1:0.10.0-2.3
> >>> Severity: important
> >>> Tags: security patch upstream fixed-upstream
> >>>
> >>> Hi,
> >>>
> >>> the following vulnerability was published for quassel.
> >>>
> >>> CVE-2015-3427[0]:
> >>> Incomplete fix for CVE-2013-4422
> >>
> >> I have uploaded a fix to unstable.
> >> Can I upload the same to security-master for jessie-security
> >> (different changelog entry obviously)?
> > 
> > Thanks for working on this update. The debdiff for unstable looks good
> > to me. Yes, please upload as well for jessie-security (distribution
> > jessie-security, version set to 1:0.10.0-2.3+deb8u1). Make sure to
> > build with -sa though, since quassel is new to dak on security-master
> > so need to include original source.
> 
> I have uploaded it to jessie-security now.

Thank you, the upload was accepted and builds coming in.

Regards,
Salvatore




Bug#783926: quassel: Incomplete fix for CVE-2013-4422

2015-05-10 Thread Felix Geyer
Hi,

On 09.05.2015 07:37, Salvatore Bonaccorso wrote:
> Hi Felix,
> 
> On Fri, May 08, 2015 at 07:11:17PM +0200, Felix Geyer wrote:
>> Hi,
>>
>> On Fri, 01 May 2015 12:45:32 +0200 Salvatore Bonaccorso wrote:
>>> Source: quassel
>>> Version: 1:0.10.0-2.3
>>> Severity: important
>>> Tags: security patch upstream fixed-upstream
>>>
>>> Hi,
>>>
>>> the following vulnerability was published for quassel.
>>>
>>> CVE-2015-3427[0]:
>>> Incomplete fix for CVE-2013-4422
>>
>> I have uploaded a fix to unstable.
>> Can I upload the same to security-master for jessie-security
>> (different changelog entry obviously)?
> 
> Thanks for working on this update. The debdiff for unstable looks good
> to me. Yes, please upload as well for jessie-security (distribution
> jessie-security, version set to 1:0.10.0-2.3+deb8u1). Make sure to
> build with -sa though, since quassel is new to dak on security-master
> so need to include original source.

I have uploaded it to jessie-security now.

> Regards,
> Salvatore
> 
> p.s.: for future requests, could you please as well Cc the security team
>   alias, so that it can be picked up and answered by someone who has
>   currently resource to handle that particular request.

Sure, will do next time.

Cheers,
Felix





Bug#783926: quassel: Incomplete fix for CVE-2013-4422

2015-05-08 Thread Salvatore Bonaccorso
Hi Felix,

On Fri, May 08, 2015 at 07:11:17PM +0200, Felix Geyer wrote:
> Hi,
> 
> On Fri, 01 May 2015 12:45:32 +0200 Salvatore Bonaccorso wrote:
> > Source: quassel
> > Version: 1:0.10.0-2.3
> > Severity: important
> > Tags: security patch upstream fixed-upstream
> > 
> > Hi,
> > 
> > the following vulnerability was published for quassel.
> > 
> > CVE-2015-3427[0]:
> > Incomplete fix for CVE-2013-4422
> 
> I have uploaded a fix to unstable.
> Can I upload the same to security-master for jessie-security
> (different changelog entry obviously)?

Thanks for working on this update. The debdiff for unstable looks good
to me. Yes, please upload as well for jessie-security (distribution
jessie-security, version set to 1:0.10.0-2.3+deb8u1). Make sure to
build with -sa though, since quassel is new to dak on security-master
so need to include original source.

Regards,
Salvatore

p.s.: for future requests, could you please as well Cc the security team
  alias, so that it can be picked up and answered by someone who has
  currently resource to handle that particular request.




Bug#783926: quassel: Incomplete fix for CVE-2013-4422

2015-05-08 Thread Felix Geyer
Hi,

On Fri, 01 May 2015 12:45:32 +0200 Salvatore Bonaccorso wrote:
> Source: quassel
> Version: 1:0.10.0-2.3
> Severity: important
> Tags: security patch upstream fixed-upstream
> 
> Hi,
> 
> the following vulnerability was published for quassel.
> 
> CVE-2015-3427[0]:
> Incomplete fix for CVE-2013-4422

I have uploaded a fix to unstable.
Can I upload the same to security-master for jessie-security
(different changelog entry obviously)?

Cheers,
Felix


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#783926: quassel: Incomplete fix for CVE-2013-4422

2015-05-01 Thread Salvatore Bonaccorso
Source: quassel
Version: 1:0.10.0-2.3
Severity: important
Tags: security patch upstream fixed-upstream

Hi,

the following vulnerability was published for quassel.

CVE-2015-3427[0]:
Incomplete fix for CVE-2013-4422

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3427

Regards,
Salvatore

