Re: [Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
Hi, Am 02.03.2010 17:08, wrote Jamie Strandboge: NAK. The debdiff drops the changes introduced in hardy1 and hardy2. Please update the debdiff and I'll review it. I'm sorry, could you elaborate what change the debdiff drops? Change of hardy1 to hardy2 was switched libneon-gnutls-dev to libneon-dev the debdiff does not touch this change, does it? Or does the debdiff need to include all changes against some other base version and not against subversion_1.5.1dfsg1-1ubuntu2~hardy2 ? Or are you concerned about the version number? I changed 1.5.1dfsg1-1ubuntu2~hardy2 to 1.5.1dfsg1-1ubuntu2.1~hardy1 Maybe it should be 1.5.1dfsg1-1ubuntu2.1~hardy2 instead? Best regards, Arnd -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
Hi John, thanks for taking some time to look into this. Any progress so far? Best regards, Arnd -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
Re: [Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
Hi John, John Vivirito wrote: Since you have diff on the bug. Is this still up to date? other than that i subscribed the team to look at i Yes bug is still valid. Most recent version in the backports repos is 1.5.1dfsg1-1ubuntu2~hardy2 which is still vulnerable to the mentioned attack. Best regards, Arnd -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
I understand that the ubuntu security team does not officially support backports. But in this particular case, where the security fix was already done for the exact same packet in intrepid, I simply have problems to understand that noone takes a few secs to start a rebuild of the package. Maybe, the backports repository should be renamed to something more adequate. I propose backdoors... -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
Re: [Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
Hi John, John Vivirito wrote: On 02/03/2010 05:18 AM, mark wrote: Mind you, it does say in the Ubuntu release notes that backports aren't going to have security fixes etc on them... So its one of those problems I suppose The fix will be pushed to *-security repo not backports if and when its fixed as you seem more familiar with the backports / backports-security process. What can I do to move this bug forward? Best regards, Arnd -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
Ping? -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
What should I do to get this fix uploaded to the ubuntu backports repositories? -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
It's quite embarrassing that this is still not even confirmed. Maybe the ubuntu backports process is somehow broken? This is a known, easy to fix security bug. It's ridiculous that I had to report it in the first place. -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 411849] Re: Please backport security fix for USN-812-1 in subversion 1.5
I copied the fix from intrepid and uploaded the resulting package to my PPA: https://launchpad.net/~arnd-arndnet/+archive/ppa ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-2411 ** Visibility changed to: Public -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backports Testing Team, which is subscribed to Hardy Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 411849] [NEW] Please backport security fix for USN-812-1 in subversion 1.5
*** This bug is a security vulnerability *** Private security bug reported: Last week 1.5.1dfsg1-1ubuntu2.1 was rolled out in Ubuntu 8.10 intrepid fixing a security issue. (USN-812-1/CVE-2009-2411). As the backport 1.5.1dfsg1-1ubuntu2~hardy2 is affected as well, it would be very nice to backport the security fix. Thanks, Arnd ** Affects: hardy-backports Importance: Undecided Status: New -- Please backport security fix for USN-812-1 in subversion 1.5 https://bugs.launchpad.net/bugs/411849 You received this bug notification because you are a member of Ubuntu Backporters, which is a direct subscriber. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports