[Pkg-kde-extras] Bug#807801: Sponsoring for upload CVE-2015-8547
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 27 19:34:34 UTC 2015
Hi Pierre,
Thanks for you quick reply, really appreciated.
On Sun, Dec 27, 2015 at 10:55:28AM +0100, Pierre Schweitzer wrote:
> Hi Salvatore,
>
> On 27/12/2015 09:09, Salvatore Bonaccorso wrote:
> > Hi Pierre,
> >
> > On Mon, Dec 14, 2015 at 10:28:26PM +0100, Pierre Schweitzer wrote:
> >> Dear all,
> >>
> >> After having asked for a CVE[0] for this Quassel issue [1], I've
> >> uploaded you (attached) a debdiff & dsc to the bug report for an upload.
> >> Would you be able to sponsor the upload, as I can't?
> >> Or perhaps the maintainers are available for the upload?
> >
> > Can you help me evaluating the issue, since I'm not a quassel user
> > myself: From a quick search and a bit of testing with a
> > quassel-client/quassel-core setup, am I right that
> >
> > a/ multi-user setups with quassel-core are non-default and not
> > so frequent?
>
> It's hard to say. However, there are no well-known Quassel providers (as
> you would have for ZNC/BNC).
>
> > b/ This issue can (only) be triggered by a client connected to a
> > quassel core?
>
> Yes.
I think this then can be fixed via a Jessie point release, which is
around the corner. Can you contact the SRM to have it scheduled via
jessie-pu?
Cf.
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable
You can add me to Cc when you fill the bug against release.debian.org,
if you then need a sponsor after the ack of the stable release
managers.
(n.b.: the targetting distribution needs to be changed to jessie in
the debdiff in this case).
Regards,
Salvatore
More information about the pkg-kde-extras
mailing list