[Pkg-privacy-maintainers] [half urgent] RFS onionshare 0.8.1-2 to fix CVE
Holger Levsen
holger at layer-acht.org
Sat May 28 08:05:43 UTC 2016
Hi u,
On Fri, May 27, 2016 at 08:51:19AM +0000, u wrote:
> There is a CVE for onionshare, so I've patched the current 0.8.1-1
> package in Debian unstable and now I need somebody to upload that.
> I've built and tested this.
>
> Here's what the security team wrote:
> "See https://security-tracker.debian.org/tracker/CVE-2016-5026
> Please fix this as usual in unstable (could you please reference the
> CVE id), and for jessie via the next jessie point release (onionshare
> beeing in contrib is not supported security-wise, furthermore the issue
> is minor, since as well neutralized by the kernel hardening)."
>
> Anybody? I've created a tag this time, although normally we create a tag
> only after the upload has been done.
I don't such a tag:
git fetching from alioth gave me:
* [neuer Branch] pristine-tar -> alioth/pristine-tar
* [neues Tag] debian/0.7.1-1 -> debian/0.7.1-1
* [neues Tag] debian/0.8.1-1 -> debian/0.8.1-1
* [neues Tag] upstream/0.8 -> upstream/0.8
* [neues Tag] upstream/0.8.1 -> upstream/0.8.1
* [neues Tag] upstream/0.9 -> upstream/0.9
> I've also updated the jessie-backport, if that could be uploaded too
> that would be great.
same.
> 0.6.3 is not affected.
https://security-tracker.debian.org/tracker/CVE-2016-5026 says so too,
great.
--
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20160528/4d0453f8/attachment.sig>
More information about the Pkg-privacy-maintainers
mailing list