[Pkg-kde-extras] Sponsoring for upload CVE-2016-4414

Pierre Schweitzer pierre at reactos.org
Sun Jun 5 15:21:54 UTC 2016


Hi Salvatore,

Thanks for your answer.

For the record, I created the bug report #826429 for the stable upload.

Cheers,
Pierre

On 05/06/2016 14:49, Salvatore Bonaccorso wrote:
> Hi Pierre,
> 
> On Sun, Jun 05, 2016 at 01:34:53PM +0200, Pierre Schweitzer wrote:
>> Dear all,
>>
>> CVE-2016-4414 was identified earlier in Quassel, which allows an
>> unauthenticated remote DoS in quassel-core. Its associated bug report in
>> Debian BTS is: #826402.
>> Please find attached a debdiff & dsc that address the backport for
>> fixing the vulnerability in Jessie.
>> Please note that, due to 'compilation' issues (the Quassel build for jessie
>> isn't C++11 ready), I removed the cosmetic change from the cherry-picked
>> commit (return 0 -> return nullptr) and only kept the functional changes.
>> Would you be able to sponsor the upload, as I can't?
>> Thanks for your help.
> 
> Thanks for preparing the update. As the issue is 'no-dsa', you first
> need to get an ack from the stable release managers. There is
> documentation here, hope it helps:
> 
> https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable
> 
> Hopefully one of the maintainers of src:quassel can then sponsor your
> upload (preferred); if not, please let me know.
> 
> Regards and thanks!
> Salvatore
> 


-- 
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
