Control: tags -1 moreinfo Hi,
On Fri, Jan 30, 2015 at 03:15:05PM +0100, Kilian Krause wrote: > Version 20150120-2 fixes a security race condition where the cleanup > script would delete a state of a freshly registered user (if > registration is allowed) granting full user privileges instead of > restricted ones (if so configured). > > Also the version 20150120-2 fixes that the fex-utils by default don't > connect to SSLv3 any more (and other SSL parameters are configurable). > > Attached is the (quite large) diff against the version in testing > (20140917-2) which however has multiple copies of the same update (in > every cli client) and does contain upstreams new copy of the cli tools > in htdocs/download (as well as 3 scripts that upstream needs yet we > don't ship in the deb). Stripping the diff down to what we need gives > more or less this: [...] > 50 files changed, 3001 insertions(+), 1169 deletions(-) This change is obviously not appropriate at this stage in the freeze. If you can come up with a targeted fix for this issue in the next few days, we might be able to allow that. Otherwise, we will have to remove fex from jessie (probably before the auto-removal deadline). Cheers, Ivo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
