[pkg-go] Bug#850951: CVE-2016-9962

Tianon Gravi tianon at debian.org
Wed Feb 1 04:54:08 UTC 2017

On 31 January 2017 at 20:46, Tianon Gravi <tianon at debian.org> wrote:
> I'm preparing a patch for the package now, but I'm curious what the
> implications of an upload will be so close to the freeze -- do we need
> to request a freeze exception or a migration adjustment after the
> updated package is up?  Should I hold off on uploading?  (would rather
> not lose "runc" from stretch)

CVE fix backported for v0.1.1 is attached (applies cleanly in the
current packaging when added to "debian/patches/series").

Happy to do the actual upload if I can get some guidance on how to
make sure it's done properly WRT freeze (or just as happy to leave it
to someone else).  O:)

- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cve-2016-9962.patch
Type: text/x-patch
Size: 751 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-go-maintainers/attachments/20170131/0576a2f9/attachment.bin>

More information about the Pkg-go-maintainers mailing list