Hi,
Am 02.03.2010 17:08, wrote Jamie Strandboge:
NAK. The debdiff drops the changes introduced in hardy1 and hardy2.
Please update the debdiff and I'll review it.
I'm sorry, could you elaborate what change the debdiff drops?
Change of hardy1 to hardy2 was switched libneon-gnutls-dev to
Actually, it is my mistake. I was thinking that you were taking the
package from intrepid and therefore lost the hardy changes, when in fact
you were taking the hardy-backports version and applying the patch. I
think since you did it this way you should use
'1.5.1dfsg1-1ubuntu2~hardy3' instead.
Hi John,
thanks for taking some time to look into this.
Any progress so far?
Best regards,
Arnd
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification because you are a member of Ubuntu
Backports Testing Team,
NAK. The debdiff drops the changes introduced in hardy1 and hardy2.
Please update the debdiff and I'll review it.
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification because you are a member of Ubuntu
Backports
I meant to also say that a debdiff should not be required-- it should be
a matter of someone from the backports team processing the request (I've
not reviewed this particular case though).
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You
The patch
http://launchpadlibrarian.net/30423782/subversion_1.5.1dfsg1-1ubuntu2.1~hardy1.debdiff
posted by Arnd looks reasonable to me, and should be applied to hardy-
backports. This will require a core-dev sponsor to upload. The
-backports team ACKs the debdiff and apologizes for the
Wow, clearly the coffee didn't kick in well this morning I can
upload the debdiff. Doing so now!
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification because you are a member of Ubuntu
Backports Testing
** Changed in: hardy-backports
Status: New = Fix Committed
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed to Hardy
*groan* Looks like I'm not allowed to upload there anymore... Requesting
core-dev sponsorship on said patch!
** Changed in: hardy-backports
Status: Fix Committed = In Progress
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You
On 02/09/2010 05:15 PM, Arnd wrote:
Hi John,
John Vivirito wrote:
Since you have diff on the bug. Is this still up to date?
other than that i subscribed the team to look at i
Yes bug is still valid.
Most recent version in the backports repos is
1.5.1dfsg1-1ubuntu2~hardy2
which is still
Subscribed Ubuntu Security Team to review the diff above
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed to Hardy Backports.
On 02/03/2010 08:15 AM, Arnd wrote:
Hi John,
John Vivirito wrote:
On 02/03/2010 05:18 AM, mark wrote:
Mind you, it does say in the Ubuntu release notes that backports aren't
going to have security fixes etc on them... So its one of those problems
I suppose
The fix will be
Hi John,
John Vivirito wrote:
Since you have diff on the bug. Is this still up to date?
other than that i subscribed the team to look at i
Yes bug is still valid.
Most recent version in the backports repos is
1.5.1dfsg1-1ubuntu2~hardy2
which is still vulnerable to the mentioned attack.
Best
I cannot believe this hasn't been fixed, makes me seriously re-think the
idea of possibly moving to something like Ubuntu Server for production
environment!
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification
Mind you, it does say in the Ubuntu release notes that backports aren't
going to have security fixes etc on them... So its one of those problems
I suppose
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification
I understand that the ubuntu security team does not officially support
backports.
But in this particular case, where the security fix was already done for the
exact same packet in intrepid, I simply have problems to understand that noone
takes a few secs to start a rebuild of the package.
On 02/03/2010 05:18 AM, mark wrote:
Mind you, it does say in the Ubuntu release notes that backports aren't
going to have security fixes etc on them... So its one of those problems
I suppose
The fix will be pushed to *-security repo not backports if and
when its fixed
--
Sincerely Yours,
Hi John,
John Vivirito wrote:
On 02/03/2010 05:18 AM, mark wrote:
Mind you, it does say in the Ubuntu release notes that backports aren't
going to have security fixes etc on them... So its one of those problems
I suppose
The fix will be pushed to *-security repo not backports if
Ping?
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed to Hardy Backports.
--
ubuntu-backports mailing list
What should I do to get this fix uploaded to the ubuntu backports
repositories?
--
Please backport security fix for USN-812-1 in subversion 1.5
https://bugs.launchpad.net/bugs/411849
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed
It's quite embarrassing that this is still not even confirmed.
Maybe the ubuntu backports process is somehow broken?
This is a known, easy to fix security bug. It's ridiculous that I had to report
it in the first place.
--
Please backport security fix for USN-812-1 in subversion 1.5
I copied the fix from intrepid and uploaded the resulting package to my PPA:
https://launchpad.net/~arnd-arndnet/+archive/ppa
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2411
** Visibility changed to: Public
--
Please backport security fix for USN-812-1 in subversion
22 matches
Mail list logo
