On 07/05/2016 07:37 PM, Moritz Mühlenhoff wrote: > On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote: >> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote: >>> Hi Thomas, >>> https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and >>> I think we should fix >>> it in jessie-security. Can you please prepare an update? unstable also >>> needs the patch. >>> >>> Cheers, >>> Moritz >>> >> >> Hi Moritz, >> >> I have uploaded fixes for both Sid and Experimental, and the fix for >> Stable is committed to Git in here: >> >> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f >> >> Since you may prefer a diff to read from your mail client, I have >> attached it to this message. > > Why do you upload something different than the debdiff you sent? > > jessie has 2014.1.3-7, and what you uploaded includes an additional > fix which was never on security.debian.org: > >> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high >> >> * Fix CVE-2015-3219 with upstream patch (Closes: 788306). >> >> -- Thomas Goirand <z...@debian.org> Wed, 10 Jun 2015 16:18:34 +0200 > > Cheers, > Moritz
Moritz, I would still like both fixes to be included in the update. I'm sorry if the first one didn't make it yet through proposed-updates, it's probably my fault if it didn't. If you wish me to squash version 2014.1.3-7+deb8u1 and 2014.1.3-7+deb8u2 into a single version, please let me know, but I don't think it's very useful to do so. Cheers, Thomas Goirand (zigo)
