Hello Salvatore Bonaccorso. On Tue, May 10, 2016 at 08:12:48AM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Tue, May 10, 2016 at 06:34:05AM +0200, Salvatore Bonaccorso wrote: > > Source: libarchive > > Version: 3.1.2-11 > > Severity: grave > > Tags: security upstream fixed-upstream > > Justification: user security hole > > Control: fixed -1 3.2.0-1 [...] > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
I'll make sure to include this in the 3.2.0-1 entry in debian/changelog in future uploads. [...] > Attached is the debdiff I prepared for jessie-security, but the same > patch would apply for unstable as well unless planning to move to > 3.2.0-1 anyway. [...] Thanks! Please feel free to NMU at once as I'd prefer not having to touch stable updates. I'm torn on uploading 3.2.0 to unstable now because of regressing on kfreebsd where we now have test failures because of FTBFS. Feel free to NMU to unstable as well if you think it's urgent to get it fixed and don't want to wait for giving kfreebsd porters time to look at the regression. Regards, Andreas Henriksson
