Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
Hi, On Mittwoch, 15. April 2015, Niels Thykier wrote: As mentioned over IRC, it seems we are unable to schedule these binNMUs for technical reasons. for those wondering: (posted here with permissions...) nthykier buxy: Re: binNMUs in squeeze-lts - looks like a no-can-do nthykier the libxrender one gives me W: can't get version info for libxrender/amd64 nthykier (repeat for i386) adsb yeah, you can't binNMU things in a suite that doesn't contain source for them adsb (or in a suite that they're an overlay for, which is how *-pu work) buxy and if we build them in squeeze, will the build chroot have squeeze- lts? buxy (assuming we can poke some ftpmaster to clear squeeze-pu afterwards) adsb I don't know buxy thanks, taking it over to #debian-buildd ansgar adsb: squeeze-lts should behave like p-u in that regard, i.e. it is an overlay over squeeze for dak. adsb ansgar: fair enough, I hadn't looked at the detail on the ftp-master side. it sounds like that's not how it's implemented in w-b though adsb oh, umm, nvm adsb you mean binNMUing in squeeze should work ansgar adsb: Wouldn't that upload to oldstable-p-u (and get rejected)? ansgar I don't know how w-b handles oldstable-p-u vs. -lts. adsb yeah. cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
Control: tags -1 moreinfo On 2015-04-14 22:12, Raphael Hertzog wrote: Package: release.debian.org User: release.debian@packages.debian.org Usertags: binnmu Severity: normal Hello, I'm wondering whether bin-NMU are possible in squeeze-lts for packages which are not in squeeze-lts but in squeeze only. My question is related to the handling of https://security-tracker.debian.org/tracker/CVE-2013-7439 I have uploaded a fixed libx11 package in squeeze-lts but the packages listed in the comment will have to be rebuilt in squeeze against libx11-dev 2:1.3.3-4+squeeze2 available in squeeze-lts. If it's possible, feel free to schedule the bin-NMU on amd64 and i386 as soon as the packages are built (or combine them with an appropriate dep-wait I guess). [...] Cheers, As mentioned over IRC, it seems we are unable to schedule these binNMUs for technical reasons. I am not sure what the timeline is for resolving those issues, so I am tagging this moreinfo for now. Thanks, ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
Package: release.debian.org User: release.debian@packages.debian.org Usertags: binnmu Severity: normal Hello, I'm wondering whether bin-NMU are possible in squeeze-lts for packages which are not in squeeze-lts but in squeeze only. My question is related to the handling of https://security-tracker.debian.org/tracker/CVE-2013-7439 I have uploaded a fixed libx11 package in squeeze-lts but the packages listed in the comment will have to be rebuilt in squeeze against libx11-dev 2:1.3.3-4+squeeze2 available in squeeze-lts. If it's possible, feel free to schedule the bin-NMU on amd64 and i386 as soon as the packages are built (or combine them with an appropriate dep-wait I guess). nmu libxrender_1:0.9.6-1+squeeze1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libxrender_1:0.9.6-1+squeeze1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu libxi_2:1.3-8 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libxi_2:1.3-8 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu libxfixes_1:4.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libxfixes_1:4.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu libxrandr_2:1.3.0-3+squeeze1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libxrandr_2:1.3.0-3+squeeze1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu libsdl1.2_1.2.14-6.1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libsdl1.2_1.2.14-6.1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu libxv_2:1.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libxv_2:1.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu libxp_1:1.0.0.xsf1-2+squeeze1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libxp_1:1.0.0.xsf1-2+squeeze1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu xserver-xorg-video-vmware_1:11.0.1-2 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw xserver-xorg-video-vmware_1:11.0.1-2 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu cairo_1.8.10-6 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw cairo_1.8.10-6 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu libxext_2:1.1.2-1+squeeze1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw libxext_2:1.1.2-1+squeeze1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) nmu open-vm-tools_1:8.4.2-261024-1 . amd64 i386 . squeeze-lts . -m Rebuild against libx11-dev fixed for CVE-2013-7439 dw open-vm-tools_1:8.4.2-261024-1 . amd64 i386 . squeeze-lts . -m libx11-dev (= 2:1.3.3-4+squeeze2) Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
