wheezy-backports security upload

Ferenc Wagner wferi at niif.hu
Mon Mar 30 12:21:55 UTC 2015


Matthew Vernon <matthew at debian.org> writes:

> On 29/03/15 19:26, Ferenc Wagner wrote:
>
>> Thank you.  I uploaded the corresponding wheezy-backports package to
>> http://apt.niif.hu/upload/, could you please help uploading that as
>> well?  I left in Distribution: wheezy, since you'll rebuild it anyway,
>> but I will happily correct it if you wish.
>
> Now building (getting the other wheezy-backports into my wheezy chroot
> turned out to be a bit irksome); I'll upload it once it's done (and signed).

Thanks!  Btw, this is what I'd try:

$ sbuild -A --build-dep-resolver=aptitude -d wheezy-backports -c wheezy --extra-repository="deb http://ftp.hu.debian.org/debian wheezy-backports main"

I've got no idea why you got the "Not accepted by any per-suite acl"
reject, though...

>> According to http://backports.debian.org/Contribute/ I'm asking for a
>> BSA number now.
>
> Will you write the announcement?

I can, but I'm not sure my signature would cut it.  Also, who is the
<Uploader>?  Anyway, I imagine something like this:

Subject: [BSA-XXX] Security Update for shibboleth-sp

<Uploader> uploaded new packages for shibboleth-sp which fixed the
following security problems:

CVE-2015-2684
  A denial of service vulnerability was found in the Shibboleth (a
  federated identity framework) Service Provider. When processing
  certain malformed SAML messages generated by an authenticated attacker,
  the daemon could crash.

For the wheezy-backports distribution the problems have been fixed in
version 2.5.3+dfsg-2~bpo70+1.
-- 
Thanks,
Feri.


