Re: [Bug 151492] Re: new upstream version 1.4.002
Hi Jamie,

I will try to find someone to provide that debdiff, as I personally have no experience with the packaging of debian/ubuntu packages.

What about the other issue: including the current eGroupWare release 1.4.002 in the next Ubuntu release, even if Debian decided to let it sit in experimental?

Kind regards

Ralf
eGroupWare admin

Jamie Strandboge wrote:
> Ralf, as egroupware is a universe package, it is not officially
> supported with security updates. I have made a link to the Debian
> report with the patch, and adjusted the title of the bug. If you or a
> community member provides a debdiff with the security patches for 6.06 -
> 7.10, then I will be happy to get it uploaded for you.
>
> ** Also affects: egroupware (Debian) via
>    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444351
>    Importance: Unknown
>    Status: Unknown
>
> ** Summary changed:
>
> - new upstream version 1.4.002
> + [CVE-2007-5091] egroupware: new upstream version 1.4.002
>

--
Ralf Becker
eGroupWare Training & Support ==> http://www.egroupware-support.de
Outdoor Unlimited Training GmbH [www.outdoor-training.de]
Commercial register: HRB Kaiserslautern 3587
Managing directors: Birgit and Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Phone +49 (0)631 31657-0

--
[CVE-2007-5091] egroupware: new upstream version 1.4.002
https://bugs.launchpad.net/bugs/151492
You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 151492] Re: new upstream version 1.4.002
Ralf, as egroupware is a universe package, it is not officially supported with security updates. I have made a link to the Debian report with the patch, and adjusted the title of the bug. If you or a community member provides a debdiff with the security patches for 6.06 - 7.10, then I will be happy to get it uploaded for you.

** Also affects: egroupware (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444351
   Importance: Unknown
   Status: Unknown

** Summary changed:

- new upstream version 1.4.002
+ [CVE-2007-5091] egroupware: new upstream version 1.4.002
[Bug 151492] Re: new upstream version 1.4.002
Hi Henrik & Jamie,

thanks for responding :-)

About 1.) I'm not familiar with debian/ubuntu package structure, the following link goes to the original debian bug report:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444351

It contains a link to the patch extracted from our svn repository fixing the issue:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=CVE-2007-5091.patch;att=1;bug=444351

As there's this patch and updated debian packages egroupware/1.2.107-2.dfsg-2, do you still need that debdiff thing?

About 2.) I need to look into the requirements and see if we fulfill them and I have time to do the required report arguing to include eGW into main.

That still leaves the original issue: how do we (eGroupWare project) get current packages into Ubuntu, as long as Debian only has them in testing? I thought Ubuntu is not only repackaging Debian, but strives to be more innovative and current than Debian ;-)

Ralf

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5091
[Bug 151492] Re: new upstream version 1.4.002
Only packages in the 'main' repository will receive security updates from Canonical. egroupware is currently included in the Ubuntu universe repository and this repository is community supported. To have updated egroupware packages in Ubuntu, you may:

1. provide a debdiff for the package against the released versions of Ubuntu (eg, dapper, edgy, feisty and gutsy) and attach it to the bug report. For information on this, please see https://wiki.ubuntu.com/SecurityUpdateProcedures

2. get egroupware into the main repository. Please see https://wiki.ubuntu.com/MainInclusionProcess
[Bug 151492] Re: new upstream version 1.4.002
Hi Ralf,

I'm removing the Gutsy nomination of this bug because it does currently not qualify for a 7.10 stable release update (SRU). See: https://wiki.ubuntu.com/StableReleaseUpdates .

I'm also removing the security flag from the bug as there is no sensitive information in the report. I realise that you set it as such because your updated egroupware version contains security fixes. However, a security bug will not be visible to most developers. I've subscribed Jamie Strandboge who works with security issues on the server team.

Jamie, could you advise on the best way to promote the latest versions of egroupware in Ubuntu? Generally security issues will be fixed by backporting fixes, while other bug fixes should be handled through backports.

** This bug is no longer flagged as a security issue
[Bug 151492] Re: new upstream version 1.4.002
** Changed in: egroupware (Ubuntu)
   Status: New => Confirmed
[Bug 151492] Re: new upstream version 1.4.002
What do we (eGroupWare project) need to do, to get our current stable release into Ubuntu again?

Ralf