Hello Mathieu, Two things about your debdiff that I would suggest before this is uploaded: 1. Please set the priority to medium in the changelog to match the CVE priority, and I'm not sure the references to the other releases are needed, this can be dealt with in the DEP-3 header (see below). 2. Adding a DEP-3 header helps parse your patch in a machine-readable format, please update your patch to use it: http://dep.debian.net/deps/dep3/
Lastly, in order to properly do the triaging on the tracker[1], could you please tell us if Zesty and Artful are applicable, or if it is fixed in Xenial and on, and also which upstream release it was fixed in? After the above is taken care of, it should be good to upload, unless anyone else has feedback. Thank you for your contribution to Ubuntu and your willingness to get this fixed! [1] https://people.canonical.com/~ubuntu- security/cve/2015/CVE-2015-3206.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1716429 Title: pykerberos for trusty does not include CVE-2015-3206 fix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pykerberos/+bug/1716429/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs