Hi,

On 16/10/13 17:20, Moritz Muehlenhoff wrote:
>> yes, preparing a new 1.2.9 for stable. This also fixes the other
>> outstanding issues with polarssl.
>>
>> Should I upload it to the security queue?
>
> Yes, but please send a debdiff to t...@security.debian.org first

See attached polarssl.debdiff: Only debian/changes is changed since all changes are in the upstream tarball only. Please tell if you need a diff of the latter one also.

> Please use 1.2.9-1~deb7u1 for stable-security.
>
> Due to a bug in dak on security-master we cannot release a package
> with the same tarball in oldstable-security and stable-security.
>
> As such, we first need to release 1.2.9-1~deb7u1 for stable-security
> and 1.2.9-1~deb6u1 for oldstable-security can follow later.
>
> Since the 1.2.9 tarball is new in the security archive, the updates
> need to be built with "-sa".

OK, please tell when I should upload.

Thanks in advance,

Roland

diff -ruN polarssl-1.2.8/debian/changelog polarssl-1.2.9/debian/changelog --- polarssl-1.2.8/debian/changelog 2013-06-23 11:11:34.124047388 +0200 +++ polarssl-1.2.9/debian/changelog 2013-10-16 20:15:19.360074536 +0200 @@ -1,3 +1,10 @@ +polarssl (1.2.9-1~deb7u1) stable-security; urgency=low + + * New upstream release + - Fixes CVE-2013-5914 CVE-2013-5915 (Closes: #725359) + + -- Roland Stigge <sti...@antcom.de> Wed, 16 Oct 2013 20:04:47 +0200 + polarssl (1.2.8-2) unstable; urgency=low * Activate HAVEGE config option manually, needed since 1.2.8
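
Review bot: urgency=low on the new 1.2.9-1~deb7u1 entry looks wrong for an upload targeted at stable-security that fixes CVE-2013-5914 and CVE-2013-5915; consider urgency=high (or at least medium) so the urgency field matches the nature of the upload. The entry would also be easier to audit if each CVE identifier carried a one-line description of the issue it addresses, since "New upstream release" alone does not tell a reader of the changelog what was fixed.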