Your message dated Fri, 3 Jun 2005 16:39:26 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Please allow drupal 4.5.3-2 into sarge
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 3 Jun 2005 13:43:19 +0000
>From [EMAIL PROTECTED] Fri Jun 03 06:43:19 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.kamp-dsl.de (dsl-mail.kamp.net) [195.62.99.42]
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1DeCSE-0005iY-00; Fri, 03 Jun 2005 06:43:18 -0700
Received: (qmail 12372 invoked by uid 513); 3 Jun 2005 13:43:21 -0000
Received: from 213.146.117.234 by dsl-mail (envelope-from <[EMAIL PROTECTED]>,
uid 89) with qmail-scanner-1.24
(clamdscan: 0.80/609. spamassassin: 2.60.
Clear:RC:1(213.146.117.234):SA:0(-1.6/5.0):.
Processed in 1.305859 secs); 03 Jun 2005 13:43:21 -0000
Received: from hilluzination.de (HELO paranoia) ([EMAIL PROTECTED])
by dsl-mail.kamp.net with SMTP; 3 Jun 2005 13:43:20 -0000
Received: from ataraxia ([192.168.1.251] helo=localhost.localdomain)
by paranoia with esmtp (Exim 4.34)
id 1DeCSA-0004dC-WB; Fri, 03 Jun 2005 15:43:15 +0200
Received: from bengen by localhost.localdomain with local (Exim 4.50)
id 1DeCTv-0003vq-4r; Fri, 03 Jun 2005 15:45:03 +0200
To: debian-release@lists.debian.org, debian-security@lists.debian.org
Cc: [EMAIL PROTECTED]
Subject: Re: Please allow drupal 4.5.3-1
Mail-Copies-To: nobody
In-Reply-To: <[EMAIL PROTECTED]> (John Goerzen's
message of "Fri, 3 Jun 2005 07:01:07 -0500")
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
From: Hilko Bengen <[EMAIL PROTECTED]>
Date: Fri, 03 Jun 2005 15:45:03 +0200
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4 (Jumbo Shrimp, linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: drupal
Version: 4.5.2-0
Severity: critical
Tags: security, sarge
John Goerzen <[EMAIL PROTECTED]> writes:
> On Fri, Jun 03, 2005 at 10:56:47AM +0200, Hilko Bengen wrote:
>> Steve Langasek <[EMAIL PROTECTED]> writes:
>>
>> So, you are not accepting my drupal_4.5.3-1 (or -2) package into sarge
>> because 4.5.3 fixes more than cited security issue?
>
> Why are you not using the simple patch available at
> http://drupal.org/drupal-4.6.1
I had only been told that 4.5.3 which is supposed to fix some security
issue had been released. Hoping that the release team would simply
accept it into sarge, I just packaged that.
BTW: Dries Buytaert, one of the main developers of Drupal, just told
me that most of the other fixes in 4.5.3 are input checks. Moreover,
the 4.5.3-2 package I uploaded also adds Vietnamese Debconf
translations, which might qualify it for inclusion in Sarge.
Again, there is _no_ added functionality over 4.5.2 in 4.5.3. I
frankly don't see why the issue is still being discussed and casual
comments are made about what a maintainer should do to "get it right".
I'd rather not be responsible for stressing the security team nor the
release team too much a few days before Sarge is going to be released.
OTOH, I _have_ uploaded a package which fixes the security issue and I
suppose I could just sit there and assume that this is ok until told
otherwise.
Cheers,
-Hilko
---------------------------------------
Received: (at 311817-done) by bugs.debian.org; 3 Jun 2005 14:39:34 +0000
>From [EMAIL PROTECTED] Fri Jun 03 07:39:34 2005
Return-path: <[EMAIL PROTECTED]>
Received: from neualius.turmzimmer.net [217.160.169.58]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DeDKg-0003w7-00; Fri, 03 Jun 2005 07:39:34 -0700
Received: from [195.60.122.97] (helo=metis.turmzimmer.net)
by neualius.turmzimmer.net with esmtp (Exim 4.50)
id 1DeDKe-0003xK-DM; Fri, 03 Jun 2005 16:39:32 +0200
Received: from eos.turmzimmer.net ([10.2.3.1])
by metis.turmzimmer.net with esmtp (Exim 4.50)
id 1DeDKU-0000X2-Pp; Fri, 03 Jun 2005 16:39:22 +0200
Received: from aba by eos.turmzimmer.net with local (Exim 4.50)
id 1DeDKZ-0004Rp-1O; Fri, 03 Jun 2005 16:39:27 +0200
Date: Fri, 3 Jun 2005 16:39:26 +0200
From: Andreas Barth <[EMAIL PROTECTED]>
To: Hilko Bengen <[EMAIL PROTECTED]>
Cc: debian-release@lists.debian.org, [EMAIL PROTECTED]
Subject: Re: Please allow drupal 4.5.3-2 into sarge
Message-ID: <[EMAIL PROTECTED]>
Mail-Followup-To: Andreas Barth <[EMAIL PROTECTED]>,
Hilko Bengen <[EMAIL PROTECTED]>, debian-release@lists.debian.org,
[EMAIL PROTECTED]
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
X-Editor: Vim http://www.vim.org/
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
* Hilko Bengen ([EMAIL PROTECTED]) [050602 12:57]:
> Hilko Bengen <[EMAIL PROTECTED]> writes:
>
> > Just a few hours ago, the Drupal project has released version 4.5.3, a
> > bugfix release which fixes a serious security bug. I have created and
> > just uploaded a 4.5.3-1 package to unstable. Updated Debconf
> > translations are the only additional changes over 4.5.2-3 which is
> > the version in sarge.
> >
> > The corresponding advisory from upstream can be found here:
> > http://drupal.org/files/sa-2005-001/advisory.txt.
>
> As I write this mail, I am uploading drupal 4.5.3-2 which adds
> Vietnamese translation that I received this morning. Please allow
> either -1 or -2 to go into sarge because of mentioned security fix.
hinted in.
Cheers,
Andi
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
