Bug#946346: Bug#946345: proftpd-dfsg: CVE-2019-19269

Salvatore Bonaccorso carnil at debian.org
Mon Dec 9 19:33:17 GMT 2019


Hi Hilmar!

On Mon, Dec 09, 2019 at 08:20:27PM +0100, Hilmar Preuße wrote:
> Am 09.12.2019 um 14:58 teilte Salvatore Bonaccorso mit:
> > On Sun, Dec 08, 2019 at 11:52:31PM +0100, Hilmar Preuße wrote:
> 
> Hi,
> 
> >> Please find attached the debdiff patches for buster and stretch. I did
> >> not test the code at all (except that build runs OK), but the change
> >> seems to be rather trivial to me.
> > 
> > Thsese do not warrant a DSA. Could you fix those issues for an
> > upcoming point release for buster and stretch?
> > 
> 1. Are there instructions how to do that?

Yes, there are some indication on how to proceed here:

https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

> 2. Am I able to do that myself w/o being a DD?

Yes defintively, the whole process is doable without beeing a DD, and
if you have upload permissions for a package you then as well can do
an upload (without need of a sponsor).

Regards,
Salvatore



More information about the Pkg-proftpd-maintainers mailing list