[Pkg-kde-extras] Sponsoring for upload CVE-2016-4414
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 5 12:49:39 UTC 2016
Hi Pierre,
On Sun, Jun 05, 2016 at 01:34:53PM +0200, Pierre Schweitzer wrote:
> Dear all,
>
> The CVE 2016-4414 was identified earlier in Quassel, which allows an
> unauthenticated remote DoS in quassel-core. Its associated bug report in
> Debian BTS is: #826402.
> Please find attached a debdiff & dsc that address the backport for
> fixing the vulnerability in Jessie.
> Please, note that due 'compilation' issues (Quassel build for jessie
> isn't C++11 ready), I removed cosmetic change from the cherrypicked
> commit (return 0 -> return nullptr) and only kept functional changes.
> Would you be able to sponsor the upload, as I can't?
> Thanks for your help.
Thanks for preparing the update. As the issue is 'no-dsa', you first
need to get an ack from the stable release managers. There is
documentation here, hope it helps:
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable
Hope then someone of the maintainers of src:quassel can sponsor your
upload (preferred), if not please let me know.
Regards and thanks!
Salvatore
More information about the pkg-kde-extras
mailing list