[Pkg-privacy-maintainers] [half urgent] RFS onionshare 0.8.1-2 to fix CVE

Holger Levsen holger at layer-acht.org
Sat May 28 08:05:43 UTC 2016


Hi u,

On Fri, May 27, 2016 at 08:51:19AM +0000, u wrote:
> There is a CVE for onionshare, so I've patched the current 0.8.1-1
> package in Debian unstable and now I need somebody to upload that.
> I've built and tested this.
> 
> Here's what the security team wrote:
> "See https://security-tracker.debian.org/tracker/CVE-2016-5026
> Please fix this as usual in unstable (could you please reference the
> CVE id), and for jessie via the next jessie point release (onionshare
> being in contrib is not supported security-wise, furthermore the issue
> is minor, since as well neutralized by the kernel hardening)."
> 
> Anybody? I've created a tag this time, although normally we create a tag
> only after the upload has been done.

I don't see such a tag:

git fetching from alioth gave me:

 * [neuer Branch]    pristine-tar -> alioth/pristine-tar
 * [neues Tag]       debian/0.7.1-1 -> debian/0.7.1-1
 * [neues Tag]       debian/0.8.1-1 -> debian/0.8.1-1
 * [neues Tag]       upstream/0.8 -> upstream/0.8
 * [neues Tag]       upstream/0.8.1 -> upstream/0.8.1
 * [neues Tag]       upstream/0.9 -> upstream/0.9

> I've also updated the jessie-backport, if that could be uploaded too
> that would be great.

same.

> 0.6.3 is not affected.

https://security-tracker.debian.org/tracker/CVE-2016-5026 says so too,
great.


-- 
cheers,
	Holger