On Tue, 2017-09-12 at 22:52 +0200, Guillaume Delacour wrote: > Le 30/08/2017 à 21:58, Adam D. Barratt a écrit : > > Control: tags -1 + confirmed > > > > On Wed, 2017-08-30 at 21:33 +0200, g...@iroqwa.org wrote: > > > The attached patch fix CVE-2017-9951 which has been not fixed via > > > a DSA, > > > as discussed with Salvatore Bonaccorso: https://bugs.debian.org/8 > > > 68701. > > > > +memcached (1.4.33-1+deb9u1) stretch; urgency=high > > + > > + * Non-maintainer upload by the Security Team. > > > > So far as I can tell, you're not a member of the Security Team, so > > this > > is incorrect. > > Sure, please find attached the fixed debdiff, as i'm not a member of > the > security team. I've also changed the distribution from stretch to > stretch-security.
Why? "stretch-security" is an appropriate distribution to use for uploads to the security archive, in which case you should be talking to the Security Team, not us. Assuming you're still proposing an update via proposed-updates and a point release, "stretch" was correct. Regards, Adam
