Hi Felix, On Fri, May 08, 2015 at 07:11:17PM +0200, Felix Geyer wrote: > Hi, > > On Fri, 01 May 2015 12:45:32 +0200 Salvatore Bonaccorso <car...@debian.org> > wrote: > > Source: quassel > > Version: 1:0.10.0-2.3 > > Severity: important > > Tags: security patch upstream fixed-upstream > > > > Hi, > > > > the following vulnerability was published for quassel. > > > > CVE-2015-3427[0]: > > Incomplete fix for CVE-2013-4422 > > I have uploaded a fix to unstable. > Can I upload the same to security-master for jessie-security > (different changelog entry obviously)?
Thanks for working on this update. The debdiff for unstable looks good
to me. Yes, please upload as well for jessie-security (distribution
jessie-security, version set to 1:0.10.0-2.3+deb8u1). Make sure to
build with -sa though, since quassel is new to dak on security-master
so need to include original source.
Regards,
Salvatore
p.s.: for future requests, could you please as well Cc the security team
alias, so that it can be picked up and answered by someone who has
currently resource to handle that particular request.
signature.asc
Description: Digital signature
