On Mon, Nov 15, 2010 at 05:13:22PM -0500, Jon Bernard wrote:
> * Moritz Muehlenhoff <j...@inutil.org> wrote:
> > On Wed, Nov 03, 2010 at 01:06:24AM +0200, Jari Aalto wrote:
> > > The following message is a courtesy copy of an article
> > > that has been posted to gmane.linux.debian.devel.release as well.
> > >
> > > > Julien Cristau <jcris...@debian.org> writes:
> > > | Newsgroups: gmane.linux.debian.devel.release
> > > | Subject: Re: Security unblock requests
> > > | Date: Sat, 23 Oct 2010 15:13:20 +0200
> > > | Message-ID: <20101023131320.gs3...@radis.liafa.jussieu.fr>
> > > |
> > > > On Sat, Oct 23, 2010 at 14:37:20 +0200, Moritz Muehlenhoff wrote:
> > > >
> > > >> More unblock requests:
> > > >> ust/0.7-2.1 -> CVE-2010-3386
> > > >
> > > > 52 files changed, 3116 insertions(+), 1232 deletions(-)
> > >
> > > Need more information. Local check:
> > >
> > > $ debdiff ../build-area/ust_0.7-2.dsc ../build-area/ust_0.7-2.1.dsc |
> > > lsdiff
> > > ust-0.7/debian/changelog
> > > ust-0.7/debian/patches/CVE-2010-3386--bug598309.diff
> > > ust-0.7/debian/patches/series
> > >
> > > $ debdiff ../build-area/ust_0.7-2.dsc ../build-area/ust_0.7-2.1.dsc |
> > > filterdiff -x '*changelog' | wc -l
> > > 50
> >
> > What is the status? This is still unfixed in Squeeze.
>
> Hi Moritz, sorry for the delay. I would prefer to backport the upstream
> patch for this bug and create a security update for the version in
> squeeze (version 0.5-1).
>
> I believe this is the correct thing to do, but I have never dealt with
> a security issue in one of my packages going into a release, so I'm
> a bit nervous about what to do.
>
> What is your suggestion on how to proceed?

- Create a Squeeze chroot or use a Squeeze installation
- apt-get source ust
- Apply the patch you've referenced
- Set the version number to "0.5-1+squeeze1" and the "distribution" to "testing"
- Build and test
- Send the debdiff to this bug and CC debian-rele...@lists.debian.org for review
- Once acked by them, upload
- Rejoice

Cheers,
        Moritz
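
A pre-review check for the "send the debdiff" step above, as an added example that is not part of the original message or of the ust packaging: it reads a debdiff and confirms that the changelog carries the version and distribution named in the steps and that nothing outside debian/ is touched. The function names and the sample debdiff are constructed for illustration, and the debian/-only check assumes the fix is carried as a patch file, as in the 0.7-2.1 debdiff quoted in the thread.

```sh
# Constructed sample debdiff (not real output from the ust package).
sample_debdiff() {
cat <<'EOF'
--- ust-0.5/debian/changelog
+++ ust-0.5/debian/changelog
@@ -1 +1,7 @@
+ust (0.5-1+squeeze1) testing; urgency=high
+
+  * Backport upstream fix for CVE-2010-3386.
+
+ -- Example Maintainer <maintainer@example.org>  Tue, 16 Nov 2010 00:00:00 +0000
+
 ust (0.5-1) unstable; urgency=low
--- ust-0.5/debian/patches/CVE-2010-3386--bug598309.diff
+++ ust-0.5/debian/patches/CVE-2010-3386--bug598309.diff
@@ -0,0 +1 @@
+(placeholder for the backported patch body)
--- ust-0.5/debian/patches/series
+++ ust-0.5/debian/patches/series
@@ -0,0 +1 @@
+CVE-2010-3386--bug598309.diff
EOF
}

# Paths from "+++ " headers, as lsdiff prints them.
diff_files() { awk '/^\+\+\+ / { print $2 }'; }

# Touched files outside debian/ (assumes the fix ships under debian/patches).
files_outside_debian() { diff_files | grep -v '^[^/]*/debian/' || true; }

# "<version> <distribution>" of the first changelog entry the diff adds.
changelog_target() {
    awk '/^\+\+\+ / { cl = ($2 ~ /\/debian\/changelog$/); next }
         cl && /^\+[a-z0-9][a-z0-9+.-]* \(.*\) [a-z-]+;/ {
             gsub(/[();]/, ""); print $2, $3; exit }'
}

# Read a debdiff on stdin; succeed only if it matches the intended upload.
check_debdiff() {   # usage: debdiff old.dsc new.dsc | check_debdiff VERSION DIST
    d=$(cat)
    out=$(printf '%s\n' "$d" | files_outside_debian)
    [ -z "$out" ] || { echo "outside debian/: $out"; return 1; }
    got=$(printf '%s\n' "$d" | changelog_target)
    [ "$got" = "$1 $2" ] || { echo "changelog: '$got', wanted '$1 $2'"; return 1; }
    echo "ok: $got"
}

sample_debdiff | check_debdiff 0.5-1+squeeze1 testing
```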