unblock and pu request for libxslt
Hi, Can you please unblock libxslt/1.1.26-13 which fixes CVE-2012-2825 (Bug #679283)? Patch applied: http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=blob;f=debian/patches/0005-cve-2012-2825.patch;h=2e7db481530519ed82a69ab41e4297767f83e6f5;hb=ecbb4ca70e90c1c4789049e7a41c6c1d2c51871e I've also prepared an update for squeeze and please advise if I can upload to pu. This fixes three CVEs: CVE-2011-1202, #617413: http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=commitdiff;h=dbb14e5be43bf20c8b7a2e37bda1d8f7867dc56b;hp=1a30e3c16a7b08489fec5dde9808dfbd15f9cd4b CVE-2011-3970, #660650: http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=commitdiff;h=18dd5c48fc1829ec75823b5ac975574b785c1233;hp=dbb14e5be43bf20c8b7a2e37bda1d8f7867dc56b CVE-2012-2825, #679283: http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=commitdiff;h=9ebc17a3bad5fc6807080e11bcca3f58c8c392fe;hp=18dd5c48fc1829ec75823b5ac975574b785c1233 -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAMr=8w79nN3rKC-sr7DYFEUV3GBucbO5N0GzvUeE=lm_cgf...@mail.gmail.com
Re: unblock and pu request for libxslt
On 05.07.2012 11:00, Aron Xu wrote: Can you please unblock libxslt/1.1.26-13 which fixes CVE-2012-2825 (Bug #679283)? Patch applied: http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=blob;f=debian/patches/0005-cve-2012-2825.patch;h=2e7db481530519ed82a69ab41e4297767f83e6f5;hb=ecbb4ca70e90c1c4789049e7a41c6c1d2c51871e This is fun: --- libxslt-1.1.26/debian/changelog 2012-06-15 11:04:15.0 + +++ libxslt-1.1.26/debian/changelog 2012-07-05 03:10:22.0 + @@ -1,9 +1,8 @@ -libxslt (1.1.26-12+rebuild1) unstable; urgency=low +libxslt (1.1.26-13) unstable; urgency=low - * Rebuild against new libxml2 to make xslt-config identical across -architectures. + * Patch to fix CVE-2012-2825 (Closes: #679283). - -- Aron Xu a...@debian.org Fri, 15 Jun 2012 18:55:36 +0800 + -- Aron Xu a...@debian.org Thu, 05 Jul 2012 11:09:19 +0800 Unblocked anyway. I've also prepared an update for squeeze and please advise if I can upload to pu. This fixes three CVEs: Please don't mix different types of request in the same mail. For a stable update, please open an appropriately usertagged pu bug, including a full source debdiff rather than VCS pointers. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/754a167b33cc47ab95e7a314b0dc3...@mail.adsl.funky-badger.org
Re: unblock and pu request for libxslt
On Thu, Jul 5, 2012 at 6:21 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On 05.07.2012 11:00, Aron Xu wrote: Can you please unblock libxslt/1.1.26-13 which fixes CVE-2012-2825 (Bug #679283)? Patch applied: http://anonscm.debian.org/gitweb/?p=debian-xml-sgml/libxslt.git;a=blob;f=debian/patches/0005-cve-2012-2825.patch;h=2e7db481530519ed82a69ab41e4297767f83e6f5;hb=ecbb4ca70e90c1c4789049e7a41c6c1d2c51871e This is fun: --- libxslt-1.1.26/debian/changelog 2012-06-15 11:04:15.0 + +++ libxslt-1.1.26/debian/changelog 2012-07-05 03:10:22.0 + @@ -1,9 +1,8 @@ -libxslt (1.1.26-12+rebuild1) unstable; urgency=low +libxslt (1.1.26-13) unstable; urgency=low - * Rebuild against new libxml2 to make xslt-config identical across -architectures. + * Patch to fix CVE-2012-2825 (Closes: #679283). - -- Aron Xu a...@debian.org Fri, 15 Jun 2012 18:55:36 +0800 + -- Aron Xu a...@debian.org Thu, 05 Jul 2012 11:09:19 +0800 Unblocked anyway. Thanks for unblocking, but no fun at all. changelog for sourceful rebuild is useless for history tracking anyway. I've also prepared an update for squeeze and please advise if I can upload to pu. This fixes three CVEs: Please don't mix different types of request in the same mail. For a stable update, please open an appropriately usertagged pu bug, including a full source debdiff rather than VCS pointers. Regards, Adam OK, will do, thanks! -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAMr=8w4nBB38kqaQ_MjjXLA=64jwdamx_argcesgkfvcegk...@mail.gmail.com
