Hi Simon, thanks for your reply.
On Sa 29 Aug 2020 12:47:00 CEST, Simon McVittie wrote:
On Sat, 29 Aug 2020 at 10:16:28 +0000, Mike Gabriel wrote:here is a summary of what we discussed on IRC. * gnome-shell in stretch+buster reveal password length * CVE-2020-17489/buster -> bach to <no-dsa> (fix via buster-pu) * CVE-2020-17489/stretch -> back to "vulnerable" (fix via LTS in prep) @smcv: please let me know if you are ok with me uploading to buster-pu or if you'd rather like to have a .debdiff.Thanks for looking into this. If you wouldn't mind sending a debdiff to this bug (or a merge request to https://salsa.debian.org/gnome-team/gnome-shell/-/tree/debian/buster, your choice), it's probably best for someone from the GNOME team to have the opportunity to check it before uploading to buster-pu - there's no date planned for Debian 10.6 yet, so we're not on a tight schedule for -pu uploads. Thanks, smcv
Here two MRs, one for buster, one for stretch: https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/40 (buster) https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41 (stretch)Looking forward to feedback. Let me know if I shall handle uploads, the buster-pu bug report, the DLA report, etc.
Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net
pgpZzHC5euz2F.pgp
Description: Digitale PGP-Signatur