[Pkg-privacy-maintainers] RFS onionshare 0.8.1-2 to fix CVE

u u at 451f.org
Mon May 30 09:35:14 UTC 2016


Hi Holger,

Holger Levsen:
> I'm sorry, but your debian/0.8.1-2 tag is not what it's supposed to be:
> 
> ~/Projects/onionshare/onionshare$ git diff debian/0.8.1-1..debian/0.8.1-2 | head -15
> diff --git a/debian/changelog b/debian/changelog
> index 55e65ad..29b3f00 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,22 @@
> +onionshare (0.8.1-2~bpo8+1) jessie-backports; urgency=high
> +
> +  * Rebuild for jessie-backports.
> +
> + -- Ulrike Uhlig <u at 451f.org>  Thu, 26 May 2016 22:56:09 +0200
> +
> +onionshare (0.8.1-2) unstable; urgency=high
> +
> +  * debian/patches:
> +    * Add patch by M. Scherer to fix CVE-2016-5026.
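Review bot: The topmost changelog entry in this hunk is `onionshare (0.8.1-2~bpo8+1) jessie-backports`, sitting above `onionshare (0.8.1-2) unstable`, so the tree at the debian/0.8.1-2 tag already carries the backport entry. The debian/0.8.1-2 tag should point at the commit whose top entry is the `unstable` one, and the `Rebuild for jessie-backports.` entry should appear only under the backports tag, so that each tag matches the upload it names. Both entries also set `urgency=high`; it is worth confirming that this still matches the severity recorded for CVE-2016-5026 before the next upload.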
> 
> The debian/0.8.1-2_bpo80+1 tag is identical to debian/0.8.1-2.
> 
> Please fix up those tags.

Weird, I must have been in a hurry. I'll fix that later today.

> Also: please don't mark the subject as "urgent" or "half-urgent", when it's
> not:
> https://security-tracker.debian.org/tracker/CVE-2016-5026 clearly says
> "Neutralised by kernel hardening" and "Severity: unimportant". 
> 
> Claiming urgency when there is none might result in not believing you
> when in future you claim urgency again… :/

Well, I think the problem here is that I wrote this email quite some time
before the security tracker was updated. I followed the guidelines from
Debian policy which clearly states that urgency should be "high".

And this email subject relates to exactly that state in between knowing
exactly how urgent it is to fix this. That's why I marked it as half
urgent, instead of not urgent at all.

Cheers!
u.



