Hi Felix, On Fri, May 08, 2015 at 07:11:17PM +0200, Felix Geyer wrote: > Hi, > > On Fri, 01 May 2015 12:45:32 +0200 Salvatore Bonaccorso <car...@debian.org> > wrote: > > Source: quassel > > Version: 1:0.10.0-2.3 > > Severity: important > > Tags: security patch upstream fixed-upstream > > > > Hi, > > > > the following vulnerability was published for quassel. > > > > CVE-2015-3427[0]: > > Incomplete fix for CVE-2013-4422 > > I have uploaded a fix to unstable. > Can I upload the same to security-master for jessie-security > (different changelog entry obviously)?
Thanks for working on this update. The debdiff for unstable looks good to me. Yes, please upload as well for jessie-security (distribution jessie-security, version set to 1:0.10.0-2.3+deb8u1). Make sure to build with -sa though, since quassel is new to dak on security-master so need to include original source. Regards, Salvatore p.s.: for future requests, could you please as well Cc the security team alias, so that it can be picked up and answered by someone who has currently resource to handle that particular request.
signature.asc
Description: Digital signature