On 12/3/18 8:17 AM, Julien Cristau wrote: > Control: tag -1 confirmed > > On Thu, Nov 15, 2018 at 02:07:01PM +0100, Thomas Goirand wrote: >> diff --git a/debian/changelog b/debian/changelog >> index b2ce8602..06234034 100644 >> --- a/debian/changelog >> +++ b/debian/changelog >> @@ -1,3 +1,11 @@ >> +mistral (3.0.0-4+deb9u1) stretch-security; urgency=medium > > Remove the -security bit.
Sure! This was made for the security team, and they asked to move to a s-p-u instead (ie: no DSA). >> + >> + * CVE-2018-16849: std.ssh action may disclose presence of arbitrary files, >> + applied upstream patch: remove extra information from std.ssh action. >> + (Closes: #912714). >> + >> + -- Thomas Goirand <z...@debian.org> Mon, 05 Nov 2018 14:38:44 +0100 >> + >> mistral (3.0.0-4) unstable; urgency=medium >> >> * Add allow-sqla-1.1.patch to allow SQLA transition. > > Other than that, looks ok to upload. Uploaded. If it gets rejected because of a --force-orig-source, I'll re-do it (I'm always confused on when to do it, though never mind if it gets automatically rejected, it's easy to fix...). Cheers, Thomas Goirand (zigo)
