Control: tags -1 confirmed moreinfo Hi,
On Fri, Mar 22, 2019 at 12:11:29AM +0100, Bernhard Schmidt wrote: > The other option would be to only backport the fix for CVE-2019-8936 and > upload > -4. > > While processing this I discovered three small commits sitting in the master > branch that had not been uploaded yet. They could be backed out if you want > to. > They fix important Bug#772790, normal Bug#764546 and remove a leftover from > the > locking that used to be in place to prevent a race between ntpd and the > ntpdate > ifupdown hooks. The ifupdown hooks have been removed since September, so the > locking is not necessary anymore. > > Please tell me what you want me to upload > > a) 1:4.2.8p13+dfsg-1 currently in experimental (as -2) > b) 1:4.2.8p13+dfsg-1 currently in experimental (as -2), but with some/all not > previously uploaded changes to debian/ dropped > c) 1:4.2.8p12+dfsg-4 containing only the CVE fix > d) 1:4.2.8p12+dfsg-4 containing the CVE fix and some/all not previously > uploaded > changes to debian/ Both option c or d sound ok. Options a and b really don't sound like something we should do at this point. So please go ahead with the 1:4.2.8p12+dfsg-4 upload and remove the moreinfo tag from this bug once the package is in unstable. Thanks, Ivo