Re: [SECURITY] [DSA 3121-1] file security update
* Florian Weimer f...@deneb.enyo.de [2015-01-19 19:26:16 CET]: * Henrique de Moraes Holschuh: However, it would be best if we could somehow get you permission to upload backports of file. Looks like it's being worked on: https://nm.debian.org/public/process/cbiedl (I don't know what's blocking this, Christoph really shouldn't have any trouble passing the NM process.) Erm, that's totally unrelated to giving Christoph Biedl upload rights to backports. He's already a DM and can request upload rights to backports following the guidelines in the Contribute part of the backports website, like any other DM or DD. Enjoy, Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los| Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los| -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150121114411.ga26...@anguilla.debian.or.at
Re: [SECURITY] [DSA 3121-1] file security update
* Henrique de Moraes Holschuh: However, it would be best if we could somehow get you permission to upload backports of file. Looks like it's being worked on: https://nm.debian.org/public/process/cbiedl (I don't know what's blocking this, Christoph really shouldn't have any trouble passing the NM process.) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87k30i6307@mid.deneb.enyo.de
Re: [SECURITY] [DSA 3121-1] file security update
On Fri, 09 Jan 2015, Christoph Biedl wrote: Henrique de Moraes Holschuh wrote... I do have a private backport of file/5.21+15, but it is a quick hack job that dropped multiarch and build-profile support to ease backporting. If someone has a better backport that preserves multiarch support, please upload. file maintainer here. I don't have upload permission for backports, so I cannot do the upload. I can and will however prepare one and run my extensive regression tests against it. If somebody is willing to do the upload part as a long-term commitment, please drop me a line. I can sponsor them, yes. However, it would be best if we could somehow get you permission to upload backports of file. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150109192816.ga28...@khazad-dum.debian.net
Re: [SECURITY] [DSA 3121-1] file security update
Henrique de Moraes Holschuh wrote... I do have a private backport of file/5.21+15, but it is a quick hack job that dropped multiarch and build-profile support to ease backporting. If someone has a better backport that preserves multiarch support, please upload. file maintainer here. I don't have upload permission for backports, so I cannot do the upload. I can and will however prepare one and run my extensive regression tests against it. If somebody is willing to do the upload part as a long-term commitment, please drop me a line. Christoph signature.asc Description: Digital signature
Re: [SECURITY] [DSA 3121-1] file security update
On Thu, 08 Jan 2015, Moritz Muehlenhoff wrote: Multiple security issues have been found in file, a tool/library to For the record, the file package currently in wheezy-backports is in dire need of a security update. It is in fact quite dangerous to run it if you have it installed together with, e.g., amavisd-new or anything else that will run file/libmagic on untrusted data from the network. I do have a private backport of file/5.21+15, but it is a quick hack job that dropped multiarch and build-profile support to ease backporting. If someone has a better backport that preserves multiarch support, please upload. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150108223758.ga23...@khazad-dum.debian.net