[Pkg-mozext-maintainers] Bug#724895: pu: package perspectives-extension/4.3.1-1+deb7u1
David Prévot
taffit at debian.org
Sun Sep 29 12:42:18 UTC 2013
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
As agreed with the security team and the current maintainer, we’d like
to include this security fix via the upcoming point release, because the
package has a low popcon and requires a very unusual configuration to
trigger the flaw (but with such a configuration, it completely
undermines the security model perspectives attempts to provide).
The proposed update aim to fix the issue disclosed recently on the
upstream project website [1] and the upstream bug tracker [2].
1: http://perspectives-project.org/2013/09/19/security-alert-incorrect-quorum-with-low-number-of-notaries-andor-low-quorum-percentage/
2: https://github.com/danwent/Perspectives/issues/87
The two upstream commits to fix this issue (cb3d991 and 1f85a52) apply
properly into stable once fe6551e is also applied, thus the three
patches.
Regards
David
P.-S.: The fix “already” made it to Jessie.
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (150, 'testing'), (120, 'unstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: perspectives-extension_4.3.1-1+deb7u1.diff
Type: text/x-diff
Size: 8269 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozext-maintainers/attachments/20130929/d95adc9b/attachment.diff>
More information about the Pkg-mozext-maintainers
mailing list