Upload of src:velocity to stable-proposed-updates.

tony mancill tmancill at debian.org
Wed May 12 14:53:09 BST 2021


Hello Chris,

On Wed, May 12, 2021 at 11:49:02AM +0100, Chris Lamb wrote:
> Hi velocity maintainers & recent uploaders,
> 
> The version of velocity in the stretch-security LTS distribution is
> currently higher than the version in buster. This is due to the upload
> of 1.7-5+deb9u1 to address CVE-2020-13936:
> 
>   https://security-tracker.debian.org/tracker/CVE-2020-13936
> 
> As this breaks clean upgrades, I'm willing to prepare a release of
> velocity for the next point release. Would this be okay with you?
> 
> If so, is there anything in particular I should know (eg. you wish
> this to be done in Git, etc.). Or, perhaps you would like to handle
> this yourself? Either way, please let me know.

If you are willing, please proceed with the upload to s-p-u.  If not, I
should be able to get to it this weekend.

My proposal for Git is to create a debian/buster branch from the
debian/1.7-5 tag and preserve the s-p-u changes there.  I'm happy to
take care of that after your upload if you'd prefer not to bother with
it.  (As an aside, at some point after the release I'd like to have a
team discussion about DEP-14.)

Thank you for helping with this!

Regards,
tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20210512/6c199592/attachment.sig>


More information about the pkg-java-maintainers mailing list