subject:"Bug#812953\: Include complete patch list in \-v output"

Bug#812953: Include complete patch list in -v output

2016-03-07 Thread Víctor M . Jáquez L .

On 03/06/16 at 11:08pm, Alberto Garcia wrote:
> On Sat, Mar 05, 2016 at 01:32:32PM +0100, Alberto Garcia wrote:
> 
> > > CVE-2014-9116 is already fixed in in mutt-kz since release
> > > 1.5.23.1-2
> > 
> > Ok, thanks.
> > 
> > I think the package looks good, I would just ask you to edit the
> > changelog add a brief description of the new patches and/or the ones
> > that changed.
> 
> Never mind, it looks like Micha already uploaded the package :)

Indeed. Thanks Micha.

I have in my todo for the next release ;)

Thanks!


vmjl

Bug#812953: Include complete patch list in -v output

2016-03-06 Thread Alberto Garcia

On Sat, Mar 05, 2016 at 01:32:32PM +0100, Alberto Garcia wrote:

> > CVE-2014-9116 is already fixed in in mutt-kz since release
> > 1.5.23.1-2
> 
> Ok, thanks.
> 
> I think the package looks good, I would just ask you to edit the
> changelog add a brief description of the new patches and/or the ones
> that changed.

Never mind, it looks like Micha already uploaded the package :)

Thanks!

Berto

Bug#812953: Include complete patch list in -v output

2016-03-05 Thread Alberto Garcia

On Sat, Mar 05, 2016 at 12:59:36PM +0100, Víctor M. Jáquez L. wrote:

> CVE-2014-9116 is already fixed in in mutt-kz since release
> 1.5.23.1-2

Ok, thanks.

I think the package looks good, I would just ask you to edit the
changelog add a brief description of the new patches and/or the ones
that changed.

As far as I can see there's only one new patch, so something like:

  * rules: auto-generate PATCHES files (Closes: #812953)
  * patches: update patchset and import new patches.
- 0036-771125-CVE-2014-9116-jessie.patch: Fix bug in foo_bar()
  that causes this or that.

Berto

Bug#812953: Include complete patch list in -v output

2016-03-05 Thread Víctor M . Jáquez L .

Hi Berto,

Sorry for the late reply

On 02/26/16 at 12:37pm, Alberto Garcia wrote:
> On Tue, Feb 09, 2016 at 02:45:37PM +0100, Víctor M. Jáquez L. wrote:
> 
> > > Package: mutt-kz
> > > Version: 1.5.23.1-6+b1
> > > Severity: wishlist
> > > 
> > > The -kz version's -v output contains *less* patches than the
> > > corresponding mutt-proper binary. Could you please ensure that the
> > > list of patches in -v output corresponds with reality?
> > > 
> > 
> > Thanks for reporting this.
> > 
> > I already fixed it:
> > 
> > https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132
> 
> In this release you also include a patch for CVE-2014-9116:
> 
> https://gitlab.com/vjaquez-misc/mutt-kz/commit/19b08ac7f62f5925e832b8fdb396a1a08d824668
> 
> Can you clarify the situation with this? Is mutt-kz vulnerable to that
> security bug?
>

CVE-2014-9116 is already fixed in in mutt-kz since release 1.5.23.1-2

$ git describe 2fe19d5
v1.5.23.1-rc1-25-g2fe19d5

The included patch for mutt in jessie is interesting too because it can block
other possible attacks of this type as far as I understand.

vmjl

Bug#812953: Include complete patch list in -v output

2016-02-26 Thread Alberto Garcia

On Tue, Feb 09, 2016 at 02:45:37PM +0100, Víctor M. Jáquez L. wrote:

> > Package: mutt-kz
> > Version: 1.5.23.1-6+b1
> > Severity: wishlist
> > 
> > The -kz version's -v output contains *less* patches than the
> > corresponding mutt-proper binary. Could you please ensure that the
> > list of patches in -v output corresponds with reality?
> > 
> 
> Thanks for reporting this.
> 
> I already fixed it:
> 
> https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132

In this release you also include a patch for CVE-2014-9116:

https://gitlab.com/vjaquez-misc/mutt-kz/commit/19b08ac7f62f5925e832b8fdb396a1a08d824668

Can you clarify the situation with this? Is mutt-kz vulnerable to that
security bug?

Berto

Bug#812953: Include complete patch list in -v output

2016-02-09 Thread Víctor M . Jáquez L .

On 01/28/16 at 03:41pm, martin f krafft wrote:
> Package: mutt-kz
> Version: 1.5.23.1-6+b1
> Severity: wishlist
> 
> The -kz version's -v output contains *less* patches than the
> corresponding mutt-proper binary. Could you please ensure that the
> list of patches in -v output corresponds with reality?
> 

Thanks for reporting this.

I already fixed it:

https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132

And uploaded a new version to debian-mentors:

http://mentors.debian.net/package/mutt-kz


vmjl


signature.asc
Description: PGP signature

Bug#812953: Include complete patch list in -v output

2016-02-09 Thread martin f krafft

also sprach Víctor M. Jáquez L.  [2016-02-10 02:45 +1300]:
> I already fixed it:
> 
> https://gitlab.com/vjaquez-misc/mutt-kz/commit/de32bdc4b7d16b25dae5a41298fcd4cdbafb2132
> 
> And uploaded a new version to debian-mentors:
> 
> http://mentors.debian.net/package/mutt-kz

Very cool. I won't jump in to sponsor this, but I am sure someone
will upload it soon.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Bug#812953: Include complete patch list in -v output

2016-01-27 Thread martin f krafft

Package: mutt-kz
Version: 1.5.23.1-6+b1
Severity: wishlist

The -kz version's -v output contains *less* patches than the
corresponding mutt-proper binary. Could you please ensure that the
list of patches in -v output corresponds with reality?

Thanks,

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mutt-kz depends on:
ii  libassuan02.4.2-2
ii  libc6 2.21-7
ii  libcomerr21.42.13-1
ii  libgnutls30   3.4.8-2
ii  libgpg-error0 1.21-1
ii  libgpgme111.6.0-1
ii  libgssapi-krb5-2  1.13.2+dfsg-4
ii  libidn11  1.32-3
ii  libk5crypto3  1.13.2+dfsg-4
ii  libkrb5-3 1.13.2+dfsg-4
ii  libncursesw5  6.0+20151024-2
ii  libnotmuch4   0.21-3
ii  libsasl2-22.1.26.dfsg1-14+b1
ii  libtinfo5 6.0+20151024-2
ii  libtokyocabinet9  1.4.48-4
ii  mutt  1.5.24-1+b1

mutt-kz recommends no packages.

mutt-kz suggests no packages.

-- no debconf information


-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Bug#812953: Include complete patch list in -v output

Bug#812953: Include complete patch list in -v output

Bug#812953: Include complete patch list in -v output

Bug#812953: Include complete patch list in -v output

Bug#812953: Include complete patch list in -v output

Bug#812953: Include complete patch list in -v output

Bug#812953: Include complete patch list in -v output

Bug#812953: Include complete patch list in -v output

8 matches

Site Navigation

Mail list logo

Footer information