On Fri, 25 Nov 2016, Rhonda D'Vine wrote: > > After futher review, I opted to tag this no-dsa meaning that we will > > not handle the issue by ourselves. This information leak is only > > problematic when you run irssi on a multi-user machine and > > when you use /upgrade. > > That's correct.
Thanks for confirming! > > This is not a very frequent use case. That said you are still > > welcome to provide an update in wheezy if you wish so. > > Interestingly enough, I tried to push it last night but fumbled with > having forgotten to include the .orig.tar.gz into it. I will try so > again the coming night. Yes, the first upload to security.debian.org needs to be built with "-sa" to include the upstream tarball. That's one of the downsides to using security.debian.org vs a normal suite on ftp-master. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
