Control: tag -1 confirmed On Tue, Jul 26, 2016 at 14:14:41 +0300, Sergei Golovan wrote:
> Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian....@packages.debian.org > Usertags: pu > > Hi release team! > > I'd like to upload stable update for the YAWS web server which would > fix #832433 (see [1] for details). It's a vulnerability found in quite > a few products, YAWS passes the HTTP_PROXY environment variable to its > CGI scripts and takes the value for it from the Proxy: HTTP header > (see [2]). > > The patch for this bug is taken from upstream. The diff is attached. > > diff -Nru yaws-1.98/debian/changelog yaws-1.98/debian/changelog > --- yaws-1.98/debian/changelog 2014-08-18 08:49:39.000000000 +0400 > +++ yaws-1.98/debian/changelog 2016-07-26 07:48:48.000000000 +0300 > @@ -1,3 +1,10 @@ > +yaws (1.98-4+deb8u1) stable; urgency=low We usually prefer "jessie" as distribution in changelog. Either way, feel free to upload. Cheers, Julien
