Bug#807801: Sponsoring for upload CVE-2015-8547

2015-12-27 Thread Salvatore Bonaccorso
Hi Pierre,

On Mon, Dec 14, 2015 at 10:28:26PM +0100, Pierre Schweitzer wrote:
> Dear all,
> 
> After having asked for a CVE[0] for this Quassel issue [1], I've
> uploaded you (attached) a debdiff & dsc to the bug report for an upload.
> Would you be able to sponsor the upload, as I can't?
> Or perhaps the maintainers are available for the upload?

Can you help me evaluate the issue, since I'm not a quassel user
myself: From a quick search and a bit of testing with a
quassel-client/quassel-core setup, am I right that

 a/ multi-user setups with quassel-core are non-default and not
so frequent?
 b/ This issue can (only) be triggered by a client connected to a
quassel core?

Regards,
Salvatore




Bug#807801: Sponsoring for upload CVE-2015-8547

2015-12-27 Thread Pierre Schweitzer
Hi Salvatore,

On 27/12/2015 09:09, Salvatore Bonaccorso wrote:
> Hi Pierre,
> 
> On Mon, Dec 14, 2015 at 10:28:26PM +0100, Pierre Schweitzer wrote:
>> Dear all,
>>
>> After having asked for a CVE[0] for this Quassel issue [1], I've
>> uploaded you (attached) a debdiff & dsc to the bug report for an upload.
>> Would you be able to sponsor the upload, as I can't?
>> Or perhaps the maintainers are available for the upload?
> 
> Can you help me evaluate the issue, since I'm not a quassel user
> myself: From a quick search and a bit of testing with a
> quassel-client/quassel-core setup, am I right that
> 
>  a/ multi-user setups with quassel-core are non-default and not
> so frequent?

It's hard to say. However, there are no well-known Quassel providers (as
you would have for ZNC/BNC).

>  b/ This issue can (only) be triggered by a client connected to a
> quassel core?

Yes.

Regards,
-- 
Pierre Schweitzer 
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.





Bug#807801: Sponsoring for upload CVE-2015-8547

2015-12-27 Thread Salvatore Bonaccorso
Hi Pierre,

Thanks for your quick reply, really appreciated.

On Sun, Dec 27, 2015 at 10:55:28AM +0100, Pierre Schweitzer wrote:
> Hi Salvatore,
> 
> On 27/12/2015 09:09, Salvatore Bonaccorso wrote:
> > Hi Pierre,
> > 
> > On Mon, Dec 14, 2015 at 10:28:26PM +0100, Pierre Schweitzer wrote:
> >> Dear all,
> >>
> >> After having asked for a CVE[0] for this Quassel issue [1], I've
> >> uploaded you (attached) a debdiff & dsc to the bug report for an upload.
> >> Would you be able to sponsor the upload, as I can't?
> >> Or perhaps the maintainers are available for the upload?
> > 
> > Can you help me evaluate the issue, since I'm not a quassel user
> > myself: From a quick search and a bit of testing with a
> > quassel-client/quassel-core setup, am I right that
> > 
> >  a/ multi-user setups with quassel-core are non-default and not
> > so frequent?
> 
> It's hard to say. However, there are no well-known Quassel providers (as
> you would have for ZNC/BNC).
> 
> >  b/ This issue can (only) be triggered by a client connected to a
> > quassel core?
> 
> Yes.

I think this then can be fixed via a Jessie point release, which is
around the corner. Can you contact the SRM to have it scheduled via
jessie-pu?

Cf.
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable

You can add me to Cc when you file the bug against release.debian.org,
if you then need a sponsor after the ack of the stable release
managers.

(n.b.: the targeting distribution needs to be changed to jessie in
the debdiff in this case).

Regards,
Salvatore