Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

control: tag -1 patch On Sat, Aug 9, 2014 at 9:46 PM, Steve Langasek wrote: > Which according to elsewhere in my mailbox, you've dealt with by uploading a > 10-day delayed NMU. This is unacceptable Sorry for not getting the nmu mail out in a timely manner, but real life got in the way. What is

Re: Not the only one. Was: Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

On Sunday 10 August 2014 15:52:51 Matthias Klose wrote: > Am 10.08.2014 um 15:25 schrieb Lisandro Damián Nicanor Pérez Meyer: > > Interesting, because yesterday I've got a patch [0] (cool, thanks a lot!) > > but stating that the package has been NMUed and uploaded to delayed/5. > > So, even 5 less

Re: Not the only one. Was: Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

On Sun, 10 Aug 2014 15:52:51 +0200, Matthias Klose wrote: > I wasn't aware that we are still supposed to do delayed/10 uploads, now that > the > default priority for uploads is medium. https://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu-guidelines recommends: * Upload fixing o

Re: Not the only one. Was: Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

Hi, 2014-08-10 14:25 Lisandro Damián Nicanor Pérez Meyer: On Saturday 09 August 2014 18:46:09 Steve Langasek wrote: [snip] Which according to elsewhere in my mailbox, you've dealt with by uploading a 10-day delayed NMU. This is unacceptable. The NMU process always requires that you send your

Re: Not the only one. Was: Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

Am 10.08.2014 um 15:25 schrieb Lisandro Damián Nicanor Pérez Meyer: > Interesting, because yesterday I've got a patch [0] (cool, thanks a lot!) but > stating that the package has been NMUed and uploaded to delayed/5. So, even 5 > less days than in your case. > > Less than 5 minutes later, the pa

Not the only one. Was: Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

On Saturday 09 August 2014 18:46:09 Steve Langasek wrote: [snip] > Which according to elsewhere in my mailbox, you've dealt with by uploading a > 10-day delayed NMU. This is unacceptable. The NMU process always requires > that you send your NMU diff to the BTS for review by the maintainer > *fir

Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

On Sat, Aug 09, 2014 at 06:19:00AM -0400, Michael Gilbert wrote: > package: src:pam > severity: important > version: 1.1.3-7 > tags: security > Multiple directory traversal issues have been fixed in pam_timestap: > https://security-tracker.debian.org/tracker/CVE-2014-2583 Which according to elsew