Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Dear Release Team,
I'd like to fix CVE-2020-11061 for bacula in buster. The DSA team
recommends fixing it via point release (according to the security
tracker).
The version in
Julien Cristau writes:
> Control: tag -1 confirmed
> Sorry for the delay, please go ahead.
For information, I've uploaded the package some time ago and it's
waiting in the NEW queue for FTP master review.
Regards,
Carsten
Control: tags -1 - confirmed
Hi Adam,
> On Sat, 2019-07-13 at 12:36 +0200, Carsten Leonhardt wrote:
>> Control: tags -1 - moreinfo
>>
>> Hi,
>>
>> attached is a new debdiff, the only change is that I removed some
>> cruft
>> from the "Origin&
ed headers, CVE-2016-10711
+(Closes: #888786).
+
+ -- Carsten Leonhardt Sun, 07 Jul 2019 23:44:04 +0200
+
pound (2.7-1.3) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru pound-2.7/debian/patches/0003-CVE-2016-1071.patch pound-2.7/debian/patches/0003-CVE-2016-1071.patch
--- pound-
Control: tags -1 - moreinfo
> On 2019-07-08 09:40, Carsten Leonhardt wrote:
>> pound is affected by non-dsa CVE-2016-10711.
>
> The metadata for #888786 indicates that the issue affects the package
> in unstable, and is not yet fixed there. Is that correct?
No, the packag
: #888786).
+
+ -- Carsten Leonhardt Sun, 07 Jul 2019 23:44:04 +0200
+
pound (2.7-1.3) unstable; urgency=medium
* Non-maintainer upload.
diff --git a/debian/patches/0003-CVE-2016-1071.patch b/debian/patches/0003-CVE-2016-1071.patch
new file mode 100644
index 000..09da940
--- /dev/null
Hi,
is there a chance the fixed package will be accepted?
Maybe you would prefer separate fixes for the two problems?
Regards,
Carsten
0
else
log_progress_msg "- the configtest"
diff --git a/debian/changelog b/debian/changelog
index d0a4ac54..81b0627a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+bacula (7.4.4+dfsg-6+deb9u1) stretch; urgency=medium
+
+ [Sven Hartge]
+ * Let PID files be o
100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+bacula (7.4.4+dfsg-6+deb9u1) stretch; urgency=medium
+
+ [Sven Hartge]
+ * Let PID files be owned by root. Mitigates a minor security problem
+similar to CVE 2017-14610. Note that this change disables automatic
+tr
Julien Cristau <jcris...@debian.org> writes:
> On 01/15/2018 08:32 AM, Carsten Leonhardt wrote:
>> Julien Cristau <jcris...@debian.org> writes:
>>
>>> Control: tag -1 moreinfo
>>>
>>> On Thu, Nov 16, 2017 at 00:02:29 +0100, Carsten Leonha
Julien Cristau <jcris...@debian.org> writes:
> Control: tag -1 moreinfo
>
> On Thu, Nov 16, 2017 at 00:02:29 +0100, Carsten Leonhardt wrote:
>
>> 2) Bug #880529: When updating from jessie to stretch, the package
>> "bacula-director-common" will be removed,
Hi,
is there anything else I can do to help this into the next stable
update?
Or at least only one of the changes?
Regards,
Carsten
Hi,
> 2) Bug #880529: When updating from jessie to stretch, the package
> "bacula-director-common" will be removed, but the postrm will stay
> around. Upon purging this package, postrm unconditionally removes the
> main bacula configuration file /etc/bacula/bacula-dir.conf, leaving
> bacula
9:25.0 +0100
+++ bacula-7.4.4+dfsg/debian/changelog 2017-11-15 22:55:15.0 +0100
@@ -1,3 +1,17 @@
+bacula (7.4.4+dfsg-6+deb9u1) stretch; urgency=medium
+
+ [Sven Hartge]
+ * Let PID files be owned by root. Mitigates a minor security problem
+similar to CVE 2017-14610. Note that th
-1,3 +1,25 @@
+libsecret (0.18.5-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patches/0004-tests-collection-add-setup-delay.patch:
++ Fix failing test "collection/delete-sync" by correctly placing
+ the delay. Closes: #855951.
+
+ -- Carsten Leonhardt &l
Control: tags -1 - moreinfo
Ivo De Decker writes:
> Please go ahead with the upload and remove the moreinfo tag from this bug once
> the package is in unstable and built on all architectures.
it's in installed on all release architectures now.
- Carsten
Hi Ivo,
> On Sun, Feb 26, 2017 at 09:36:30PM +0100, Ivo De Decker wrote:
>> Control: tags -1 confirmed moreinfo
>>
>> Hi,
>>
>> On Sun, Feb 26, 2017 at 08:30:48PM +0100, Carsten Leonhardt wrote:
>> > Please unblock package bacula
>> &
+dfsg/debian/changelog 2017-02-26 13:39:25.0 +0100
@@ -1,3 +1,10 @@
+bacula (7.4.4+dfsg-6) unstable; urgency=medium
+
+ [Sven Hartge]
+ * Backport fix for btape fill test from 7.4.5 (Closes: #855645)
+
+ -- Carsten Leonhardt <l...@debian.org> Sun, 26 Feb 2017 13:39:25 +0100
+
bacula
Ian Jackson writes:
> Reading that bug I think it's a shame that we didn't manage to
> effectively identify the issues we've now discussed here on -devel
> earlier, despite Kurt's several messages to d-d-a.
Concerns were already raised in June, in the subthread
19 matches
Mail list logo