control: tags 809900 + patch control: tags 809900 + pending Dear maintainer,
as promised, I've prepared an NMU for gajim (versioned as 0.16.5-0.1) to fix a security issue and uploaded it to DELAYED/7. Please feel free to tell me if I should delay it longer. Regards, Norbert
diff -Nur gajim-0.16/debian/changelog gajim-0.16.5/debian/changelog --- gajim-0.16/debian/changelog 2014-10-17 17:05:30.000000000 +0200 +++ gajim-0.16.5/debian/changelog 2016-01-26 15:26:05.984131036 +0100 @@ -1,3 +1,16 @@ +gajim (0.16.5-0.1) unstable; urgency=medium + + * New upstream release. (closes: #785521) + * SECURITY UPDATE: Update to 0.16.5 to fix security issue: + - CVE-2015-8688: Message interception due to unverified origin of roster push + - https://gultsch.de/gajim_roster_push_and_message_interception.html + (closes: #809900) + * debian/patches/fix-manpages.patch: remove deprecated patch, which has been + applied upstream. + * debian/control: require python-nbxmpp (>= 0.5.3) + + -- Norbert Tretkowski <norb...@tretkowski.de> Tue, 26 Jan 2016 15:19:54 +0100 + gajim (0.16-1) unstable; urgency=medium * New upstream release. (Closes: #729042, #757570) diff -Nur gajim-0.16/debian/control gajim-0.16.5/debian/control --- gajim-0.16/debian/control 2014-10-17 16:37:58.000000000 +0200 +++ gajim-0.16.5/debian/control 2016-01-26 15:24:56.904232412 +0100 @@ -12,7 +12,7 @@ Package: gajim Architecture: all Depends: ${misc:Depends}, ${python:Depends}, python-gtk2 (>= 2.22.0), dnsutils, - dbus, python-dbus (>=0.81), python-nbxmpp + dbus, python-dbus (>=0.81), python-nbxmpp (>= 0.5.3) Recommends: python-openssl (>= 0.12), python-pyasn1, python-crypto, notification-daemon, ca-certificates Suggests: libxss1, diff -Nur gajim-0.16/debian/patches/fix-manpages.patch gajim-0.16.5/debian/patches/fix-manpages.patch --- gajim-0.16/debian/patches/fix-manpages.patch 2014-10-17 16:37:58.000000000 +0200 +++ gajim-0.16.5/debian/patches/fix-manpages.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,51 +0,0 @@ -Description: Fix markup erros in manpages - Manpages have lists that start with .Bl (begin list) but that have no - matching .El (end list). This patch adds them. -Author: Tanguy Ortolo <tanguy+deb...@ortolo.eu> -Forwarded: https://trac.gajim.org/ticket/7851 -Last-Update: 2014-10-14 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: gajim/data/gajim-history-manager.1 -=================================================================== ---- gajim.orig/data/gajim-history-manager.1 2014-10-14 22:58:28.133375745 +0200 -+++ gajim/data/gajim-history-manager.1 2014-10-14 22:58:28.109375443 +0200 -@@ -24,12 +24,14 @@ - Show help options - .It Fl c Fl Fl config-path Em directory - Where to look for logs file -+.El - .Sh FILES - .Bl -tag -width Ds - .It ~/.local/share/gajim/logs.db - The history database log file used when - .Op Fl c - is not specified. -+.El - .Sh AUTHORS - .An -nosplit - .Nm -Index: gajim/data/gajim-remote.1 -=================================================================== ---- gajim.orig/data/gajim-remote.1 2014-10-14 22:58:28.133375745 +0200 -+++ gajim/data/gajim-remote.1 2014-10-14 23:00:43.479080837 +0200 -@@ -16,6 +16,7 @@ - .Sh OPTIONS - .Bl -tag -width Ds - .It Available commands -+.El - .Ss account_info Aq account - Gets detailed info on a account - .Ss add_contact Ao jid Ac Bq account -Index: gajim/data/gajim.1 -=================================================================== ---- gajim.orig/data/gajim.1 2014-10-14 22:58:28.133375745 +0200 -+++ gajim/data/gajim.1 2014-10-14 22:58:28.113375488 +0200 -@@ -57,6 +57,7 @@ - in configuration directory - .It Fl c Fl Fl config-path Em directory - Where to look for configuration files -+.El - .Sh FILES - .Bl -tag -width Ds - .It ~/.cache/gajim/cache.db diff -Nur gajim-0.16/debian/patches/series gajim-0.16.5/debian/patches/series --- gajim-0.16/debian/patches/series 2014-10-17 16:37:58.000000000 +0200 +++ gajim-0.16.5/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -fix-manpages.patch
signature.asc
Description: OpenPGP digital signature
