Hi all

On Sun, Feb 17, 2013 at 12:19:00AM +0000, Jonathan Wiltshire wrote:
> On Sun, Feb 17, 2013 at 12:16:32AM +0100, Jeremy Lainé wrote:
> > Dear release team,
> >
> > Yesterday the following security vulnerability in the "pyrad"
> > package was brought to my attention by Salvatore Bonaccorso:
> >
> > https://security-tracker.debian.org/tracker/CVE-2013-0294
> >
> > It is tracked in the following bug:
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700669
> >
> > I have uploaded version 1.2-1+deb7u1 targeted at
> > testing-proposed-updates (debdiff attached), as unstable carries a
> > different upstream version. Could you please let this version into
> > wheezy?
>
> It's traditional to seek approval *before* uploading; more so in this case
> since adding a patch system is a no-no. The change itself is fine, please
> upload with this only. You will have to bump the version number IIRC.

I was involved in reporting the problem. I have now noticed a possible
problem with the versioning:

Current situation:

 pyrad | 1.2-1        | squeeze    | source
 pyrad | 1.2-1        | wheezy     | source
 pyrad | 1.2-1+deb7u1 | wheezy-p-u | source
 pyrad | 2.0-2        | sid        | source

Assuming there will also be either a DSA or a pu for pyrad, how should
that be versioned? Traditionally for Squeeze it was +squeeze1, but:

1.2-1 <= 1.2-1+deb7u1

but 1.2-1+squeeze1 is not smaller than 1.2-1 or 1.2-1+deb7u1.

Regards,
Salvatore