Hi Guillaume! On Tue, Jul 25, 2017 at 01:16:26AM +0200, Guillaume Delacour wrote: > On Mon, Jul 17, 2017 at 10:34:23PM +0200, Salvatore Bonaccorso wrote: > > Please adjust the affected versions in the BTS as needed. > > > > Please find attached the debdiff for Debian 9 Stretch. > Also, you can find a little test case (and results) without > (CVE-2017-9951_1.4.33.log) > and with the fix (CVE-2017-9951_1.4.33_fixed.log). I've build and > test it on a clean stretch schroot.
Thanks for your work! I think the issue on its own would not warrant a DSA. Can you fix the issue please via a point release? Some guide can be found here: https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable I did quickly thouggh skim over your debdiffs. When you propose the debdiff to the stable release manager make sure to adjust the targetting distribution in the changelog, that is 'stretch' for 1.4.33-1+deb9u1, and 'jessie' for 1.4.21-1.1+deb8u2 (rather than unstable). Hope this helps and thanks for your work! Regards, Salvatore
