Hi Andreas,

On Tue, May 10, 2016 at 09:18:26AM +0200, Andreas Henriksson wrote:
> Hello Salvatore Bonaccorso.
>
> On Tue, May 10, 2016 at 08:12:48AM +0200, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > On Tue, May 10, 2016 at 06:34:05AM +0200, Salvatore Bonaccorso wrote:
> > > Source: libarchive
> > > Version: 3.1.2-11
> > > Severity: grave
> > > Tags: security upstream fixed-upstream
> > > Justification: user security hole
> > > Control: fixed -1 3.2.0-1
> [...]
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> I'll make sure to include this in the 3.2.0-1 entry in debian/changelog
> in future uploads.
>
> [...]
> > Attached is the debdiff I prepared for jessie-security, but the same
> > patch would apply for unstable as well unless planning to move to
> > 3.2.0-1 anyway.
> [...]
>
> Thanks! Please feel free to NMU at once as I'd prefer not having to touch
> stable updates.

Thanks for your quick response, very appreciated. I will upload the
package later today to security-master for the DSA.

> I'm torn on uploading 3.2.0 to unstable now because of regressing on
> kfreebsd where we now have test failures because of FTBFS. Feel free to
> NMU to unstable as well if you think it's urgent to get it fixed and
> don't want to wait for giving kfreebsd porters time to look at the
> regression.

Makes sense then to wait for moving 3.2.0 to experimental. Thanks for
the ack on NMU'ing. I might then as well fix unstable with the
upstream patch.

Regards,
Salvatore