Bug#812953: Include complete patch list in -v output
On 03/06/16 at 11:08pm, Alberto Garcia wrote:
> On Sat, Mar 05, 2016 at 01:32:32PM +0100, Alberto Garcia wrote:
>
> > > CVE-2014-9116 is already fixed in mutt-kz since release
> > > 1.5.23.1-2
> >
> > Ok, thanks.
> >
> > I think the package looks good, I would just ask you to edit the
> > changelog and add a brief description of the new patches and/or the
> > ones that changed.
>
> Never mind, it looks like Micha already uploaded the package :)

Indeed. Thanks Micha.

I have it in my todo for the next release ;)

Thanks!

vmjl
Bug#812953: Include complete patch list in -v output
On Sat, Mar 05, 2016 at 01:32:32PM +0100, Alberto Garcia wrote:

> > CVE-2014-9116 is already fixed in mutt-kz since release
> > 1.5.23.1-2
>
> Ok, thanks.
>
> I think the package looks good, I would just ask you to edit the
> changelog and add a brief description of the new patches and/or the
> ones that changed.

Never mind, it looks like Micha already uploaded the package :)

Thanks!

Berto
Bug#812953: Include complete patch list in -v output
On Sat, Mar 05, 2016 at 12:59:36PM +0100, Víctor M. Jáquez L. wrote:

> CVE-2014-9116 is already fixed in mutt-kz since release
> 1.5.23.1-2

Ok, thanks.

I think the package looks good, I would just ask you to edit the
changelog and add a brief description of the new patches and/or the
ones that changed.

As far as I can see there's only one new patch, so something like:

   * rules: auto-generate PATCHES files (Closes: #812953)
   * patches: update patchset and import new patches.
     - 0036-771125-CVE-2014-9116-jessie.patch:
       Fix bug in foo_bar() that causes this or that.

Berto
Bug#812953: Include complete patch list in -v output
Hi Berto,

Sorry for the late reply

On 02/26/16 at 12:37pm, Alberto Garcia wrote:
> On Tue, Feb 09, 2016 at 02:45:37PM +0100, Víctor M. Jáquez L. wrote:
>
> > > Package: mutt-kz
> > > Version: 1.5.23.1-6+b1
> > > Severity: wishlist
> > >
> > > The -kz version's -v output contains *less* patches than the
> > > corresponding mutt-proper binary. Could you please ensure that the
> > > list of patches in -v output corresponds with reality?
> > >
> >
> > Thanks for reporting this.
> >
> > I already fixed it:
> >
> > https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132
>
> In this release you also include a patch for CVE-2014-9116:
>
> https://gitlab.com/vjaquez-misc/mutt-kz/commit/19b08ac7f62f5925e832b8fdb396a1a08d824668
>
> Can you clarify the situation with this? Is mutt-kz vulnerable to that
> security bug?
>

CVE-2014-9116 is already fixed in mutt-kz since release 1.5.23.1-2

$ git describe 2fe19d5
v1.5.23.1-rc1-25-g2fe19d5

The included patch for mutt in jessie is interesting too because it can
block other possible attacks of this type as far as I understand.

vmjl
Bug#812953: Include complete patch list in -v output
On Tue, Feb 09, 2016 at 02:45:37PM +0100, Víctor M. Jáquez L. wrote:

> > Package: mutt-kz
> > Version: 1.5.23.1-6+b1
> > Severity: wishlist
> >
> > The -kz version's -v output contains *less* patches than the
> > corresponding mutt-proper binary. Could you please ensure that the
> > list of patches in -v output corresponds with reality?
> >
>
> Thanks for reporting this.
>
> I already fixed it:
>
> https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132

In this release you also include a patch for CVE-2014-9116:

https://gitlab.com/vjaquez-misc/mutt-kz/commit/19b08ac7f62f5925e832b8fdb396a1a08d824668

Can you clarify the situation with this? Is mutt-kz vulnerable to that
security bug?

Berto
Bug#812953: Include complete patch list in -v output
On 01/28/16 at 03:41pm, martin f krafft wrote:
> Package: mutt-kz
> Version: 1.5.23.1-6+b1
> Severity: wishlist
>
> The -kz version's -v output contains *less* patches than the
> corresponding mutt-proper binary. Could you please ensure that the
> list of patches in -v output corresponds with reality?
>

Thanks for reporting this.

I already fixed it:

https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132

And uploaded a new version to debian-mentors:

http://mentors.debian.net/package/mutt-kz

vmjl
Bug#812953: Include complete patch list in -v output
also sprach Víctor M. Jáquez L. [2016-02-10 02:45 +1300]:
> I already fixed it:
>
> https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132
>
> And uploaded a new version to debian-mentors:
>
> http://mentors.debian.net/package/mutt-kz

Very cool. I won't jump in to sponsor this, but I am sure someone
will upload it soon.

--
 .''`.   martin f. krafft @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
Bug#812953: Include complete patch list in -v output
Package: mutt-kz
Version: 1.5.23.1-6+b1
Severity: wishlist

The -kz version's -v output contains *less* patches than the
corresponding mutt-proper binary. Could you please ensure that the
list of patches in -v output corresponds with reality?

Thanks,

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mutt-kz depends on:
ii  libassuan0        2.4.2-2
ii  libc6             2.21-7
ii  libcomerr2        1.42.13-1
ii  libgnutls30       3.4.8-2
ii  libgpg-error0     1.21-1
ii  libgpgme11        1.6.0-1
ii  libgssapi-krb5-2  1.13.2+dfsg-4
ii  libidn11          1.32-3
ii  libk5crypto3      1.13.2+dfsg-4
ii  libkrb5-3         1.13.2+dfsg-4
ii  libncursesw5      6.0+20151024-2
ii  libnotmuch4       0.21-3
ii  libsasl2-2        2.1.26.dfsg1-14+b1
ii  libtinfo5         6.0+20151024-2
ii  libtokyocabinet9  1.4.48-4
ii  mutt              1.5.24-1+b1

mutt-kz recommends no packages.

mutt-kz suggests no packages.

-- no debconf information

--
 .''`.   martin f. krafft @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems