Hi, On 09.05.2015 07:37, Salvatore Bonaccorso wrote: > Hi Felix, > > On Fri, May 08, 2015 at 07:11:17PM +0200, Felix Geyer wrote: >> Hi, >> >> On Fri, 01 May 2015 12:45:32 +0200 Salvatore Bonaccorso <car...@debian.org> >> wrote: >>> Source: quassel >>> Version: 1:0.10.0-2.3 >>> Severity: important >>> Tags: security patch upstream fixed-upstream >>> >>> Hi, >>> >>> the following vulnerability was published for quassel. >>> >>> CVE-2015-3427[0]: >>> Incomplete fix for CVE-2013-4422 >> >> I have uploaded a fix to unstable. >> Can I upload the same to security-master for jessie-security >> (different changelog entry obviously)? > > Thanks for working on this update. The debdiff for unstable looks good > to me. Yes, please upload as well for jessie-security (distribution > jessie-security, version set to 1:0.10.0-2.3+deb8u1). Make sure to > build with -sa though, since quassel is new to dak on security-master > so need to include original source.
I have uploaded it to jessie-security now. > Regards, > Salvatore > > p.s.: for future requests, could you please as well Cc the security team > alias, so that it can be picked up and answered by someone who has > currently resource to handle that particular request. Sure, will do next time. Cheers, Felix
signature.asc
Description: OpenPGP digital signature
