user release.debian....@packages.debian.org usertags 882904 + pu tags 882904 + jessie moreinfo retitle 882904 pu: package mariadb/10.0.33 thanks
[If you're unable or unwilling to add the correct metadata yourself, please at least use reportbug so that it does it for you.] On Mon, 2017-11-27 at 21:23 +0200, Otto Kekäläinen wrote: > I hereby request permission from the release team to upload > mariadb-10.0 release 10.0.33-1 to the next Jessie point release. > > This upload does not strictly qualify the criteria listed at > https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upl > oad-stable > but the security team suggested this upstream micro release, which > contains a few minor security fixes, would be a good fit for a stable > point release instead of going in as an urgent security update. > > Current changelog draft: > > +mariadb-10.0 (10.0.33-0+deb8u1) jessie; urgency=medium > + > + * New upstream version 10.0.33. Includes fixes for the following > + security vulnerabilities: > + - CVE-2017-10378, MDEV-13819 > + - CVE-2017-10268 > + * Refresh patches on top of MariaDB 10.0.33 > + > + -- Otto Kekäläinen <o...@debian.org> Tue, 21 Nov 2017 11:05:51 > +0100 > > > I will prepare the final changelog when I have thumbs up from you to > do so. You appear to be stuck in a little bit of a chicken-and-egg situation, given that the final decision as to whether to accept the package will be based on a diff of the final source package. > Please also advise me on what is the correct revision string > and release pocket string – my experience is mostly about security > uploads, very seldom have I done point release stable updates. The version number style for both security and stable updates are the same, so 10.0.33-0+deb8u1. The suite name in the changelog ("pocket" is an Ubuntuism, not used in Debian) should be "jessie". > Here is debdiff for current git head; > https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/debia > n/?id2=debian/10.0.32-1&id=jessie > > and diff off the whole package, including upstream sources: > https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/?id2= > debian/10.0.32-1&id=jessie We very much prefer diffs to form part of the bug log, not least because they're guaranteed to persist in that manner. Regards, Adam