[Pkg-privacy-maintainers] RFS onionshare 0.8.1-2 to fix CVE

Holger Levsen holger at layer-acht.org
Mon May 30 09:13:16 UTC 2016


I'm sorry, but your debian/0.8.1-2 tag is not what it's supposed to be:

~/Projects/onionshare/onionshare$ git diff debian/0.8.1-1..debian/0.8.1-2 | head -15
diff --git a/debian/changelog b/debian/changelog
index 55e65ad..29b3f00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+onionshare (0.8.1-2~bpo8+1) jessie-backports; urgency=high
+  * Rebuild for jessie-backports.
+ -- Ulrike Uhlig <u at 451f.org>  Thu, 26 May 2016 22:56:09 +0200
+onionshare (0.8.1-2) unstable; urgency=high
+  * debian/patches:
+    * Add patch by M. Scherer to fix CVE-2016-5026.

The debian/0.8.1-2_bpo80+1 tag is identical to debian/0.8.1-2.

Please fixup those tags.

Also: please don't mark the subject as "urgent" or "half-urgent", when it's
https://security-tracker.debian.org/tracker/CVE-2016-5026 clearly says
"Neutralised by kernel hardening" and "Severity: unimportant". 

Claiming urgency when there is none might result in not believing you
when in future you claim urgency again… :/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20160530/518f657c/attachment-0001.sig>

More information about the Pkg-privacy-maintainers mailing list