[Pkg-privacy-maintainers] [half urgent] RFS onionshare 0.8.1-2 to fix CVE
u
u at 451f.org
Sun May 29 21:29:53 UTC 2016
Hello Holger!
Holger Levsen:
> On Fri, May 27, 2016 at 08:51:19AM +0000, u wrote:
>> There is a CVE for onionshare, so I've patched the current 0.8.1-1
>> package in Debian unstable and now I need somebody to upload that.
>> I've built and tested this.
>> Anybody? I've created a tag this time, although normally we create a tag
>> only after the upload has been done.
>
> I don't such a tag:
Thanks for looking into it!
The tags have been pushed here though :
ssh://git.debian.org/git/pkg-privacy/packages/onionshare.git
I've forwarded the corresponding email notifications to you in private.
> git fetching from alioth gave me:
>
> * [neuer Branch] pristine-tar -> alioth/pristine-tar
> * [neues Tag] debian/0.7.1-1 -> debian/0.7.1-1
> * [neues Tag] debian/0.8.1-1 -> debian/0.8.1-1
> * [neues Tag] upstream/0.8 -> upstream/0.8
> * [neues Tag] upstream/0.8.1 -> upstream/0.8.1
> * [neues Tag] upstream/0.9 -> upstream/0.9
>
>> I've also updated the jessie-backport, if that could be uploaded too
>> that would be great.
>
> same.
>
>> 0.6.3 is not affected.
>
> https://security-tracker.debian.org/tracker/CVE-2016-5026 says so too,
> great.
Yes, because I've talked to the security team about this and sent them
my analysis of the old code ;))
Cheers!
u.
More information about the Pkg-privacy-maintainers
mailing list