Bug#776246: Processed: severity of 776246 is grave
Control: tags -1 buster-ignore Hi, On Tue, Feb 19, 2019 at 10:18:19PM +0100, Moritz Mühlenhoff wrote: > On Wed, Feb 20, 2019 at 02:12:55AM +0500, Andrey Rahmatullin wrote: > > On Tue, Feb 19, 2019 at 10:00:34PM +0100, Moritz Mühlenhoff wrote: > > > If a transition (even though it's marginal in size) isn't an option at > > > this > > > point > > That's not for me to decide. Should we ask the RT? > > Sounds like a plan, can you please ping them? This looks like something that will have to wait till after the release. Thanks, Ivo
Bug#776246: Processed: severity of 776246 is grave
On Tue, Feb 19, 2019 at 10:26:09AM +0100, Christoph Martin wrote: > What can we do to not loose these packages (burp in my case)? > > librsync 2.0.2-1~exp1 was uploaded to experimental three days ago. csync2 seems to build fine with librsync2 from experimental so if you can upload that to unstable, maybe we can still save some of the affected packages. -- Valentin
Bug#776246: Processed: severity of 776246 is grave
On Wed, Feb 20, 2019 at 02:12:55AM +0500, Andrey Rahmatullin wrote: > On Tue, Feb 19, 2019 at 10:00:34PM +0100, Moritz Mühlenhoff wrote: > > If a transition (even though it's marginal in size) isn't an option at this > > point > That's not for me to decide. Should we ask the RT? Sounds like a plan, can you please ping them? Cheers, Moritz
Bug#776246: Processed: severity of 776246 is grave
On Tue, Feb 19, 2019 at 10:00:34PM +0100, Moritz Mühlenhoff wrote: > If a transition (even though it's marginal in size) isn't an option at this > point That's not for me to decide. Should we ask the RT? -- WBR, wRAR signature.asc Description: PGP signature
Bug#776246: Processed: severity of 776246 is grave
On Sat, Feb 16, 2019 at 10:35:05PM +0500, Andrey Rahmatullin wrote: > On Sat, Feb 16, 2019 at 12:33:08PM +, Debian Bug Tracking System wrote: > > Processing commands for cont...@bugs.debian.org: > > > > > severity 776246 grave > > Bug #776246 [librsync1] MD4 collision/preimage attacks (CVE-2014-8242) > > Severity set to 'grave' from 'important' > > > thanks > > Stopping processing here. > > > > Please contact me if you need assistance. > Fixing this requires a transition and removing or patching rdiff-backup so > > Checking reverse dependencies... > # Broken Depends: > burp: burp [amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips > mips64el mipsel ppc64el s390x] > csync2: csync2 > duplicity: duplicity > rdiff-backup: rdiff-backup > > # Broken Build-Depends: > burp: librsync-dev > csync2: librsync-dev > duplicity: librsync-dev (>= 0.9.6) >rdiff > rdiff-backup: librsync-dev > > > Unfortunately I was too demotivated by the initial state of new librsync > (1.0+) and the API breakage affecting rdiff-backup to proceed with this > during the release cycle. If a transition (even though it's marginal in size) isn't an option at this point I'm fine with ignoring this for buster again, but this by all means fixed soon after. Cheers, Moritz
Bug#776246: Processed: severity of 776246 is grave
On Tue, Feb 19, 2019 at 10:26:09AM +0100, Christoph Martin wrote: > What can we do to not loose these packages (burp in my case)? > > librsync 2.0.2-1~exp1 was uploaded to experimental three days ago. I guess librsync2 would need to go into unstable and testing. Than we can try to update our apps to the new API and also enter testing again. Not sure if this is realistic at this point in the release proces so that is why I suggested setting severity grave after buster is out. -- Valentin
Bug#776246: Processed: severity of 776246 is grave
What can we do to not loose these packages (burp in my case)? librsync 2.0.2-1~exp1 was uploaded to experimental three days ago. Am 18.02.19 um 18:34 schrieb Valentin Vidic: > Hi, > > Not sure why grave so late in the release process that we lose > some packages (csync2 in my case)? grave after the release would > give us more time to move to librsync2. > signature.asc Description: OpenPGP digital signature
Bug#776246: Processed: severity of 776246 is grave
Hi, Not sure why grave so late in the release process that we lose some packages (csync2 in my case)? grave after the release would give us more time to move to librsync2. -- Valentin
Bug#776246: Processed: severity of 776246 is grave
On Sat, Feb 16, 2019 at 12:33:08PM +, Debian Bug Tracking System wrote: > Processing commands for cont...@bugs.debian.org: > > > severity 776246 grave > Bug #776246 [librsync1] MD4 collision/preimage attacks (CVE-2014-8242) > Severity set to 'grave' from 'important' > > thanks > Stopping processing here. > > Please contact me if you need assistance. Fixing this requires a transition and removing or patching rdiff-backup so Checking reverse dependencies... # Broken Depends: burp: burp [amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel ppc64el s390x] csync2: csync2 duplicity: duplicity rdiff-backup: rdiff-backup # Broken Build-Depends: burp: librsync-dev csync2: librsync-dev duplicity: librsync-dev (>= 0.9.6) rdiff rdiff-backup: librsync-dev Unfortunately I was too demotivated by the initial state of new librsync (1.0+) and the API breakage affecting rdiff-backup to proceed with this during the release cycle. -- WBR, wRAR signature.asc Description: PGP signature