Re: Upload request: chasquid 1.13-1

To: Alberto Bertogli <albertito@blitiri.com.ar>, debian-go@lists.debian.org
Subject: Re: Upload request: chasquid 1.13-1
From: Nilesh Patra <nilesh@mailbox.org>
Date: Tue, 26 Dec 2023 20:52:21 +0530 (IST)
Message-id: <[🔎] 2009592720.110629.1703604141393@office.mailbox.org>
In-reply-to: <[🔎] ZYrj3UFQoV0N4TrN@blitiri.com.ar>
References: <[🔎] ZYrj3UFQoV0N4TrN@blitiri.com.ar>

On 12/26/2023 8:01 PM IST Alberto Bertogli <albertito@blitiri.com.ar> wrote:
> Hi!
> 
> I updated package chasquid to the latest upstream version, 1.13.
> 
> https://salsa.debian.org/go-team/packages/chasquid/
> 
> Can someone please review the changes and upload?
>
> There are no changes to the Debian package, it is just a merge with upstream's
> new release, and got no new complaints from lintian.

Uploaded, thank you!

> This release includes a fix for a newly discovered SMTP attack (SMTP 
> smuggling). Full changelog at 
> https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24.
> 
> Please let me know if you have any questions or comments!

Would it be possible to backport the SMTP smuggling patch to current chasquid stable version?
IMHO security vulnerabilities like this warrant a p-u[1]

[1]: https://www.debian.org/releases/proposed-updates

Best,
Nilesh

Reply to:

Follow-Ups:
- Re: Upload request: chasquid 1.13-1
  - From: Alberto Bertogli <albertito@blitiri.com.ar>

References:
- Upload request: chasquid 1.13-1
  - From: Alberto Bertogli <albertito@blitiri.com.ar>

Prev by Date: Bug#1059471: ITP: golang-github-maxatome-go-testdeep -- Extremely flexible golang deep comparison
Next by Date: Re: RFS: rclone (update) + dep
Previous by thread: Upload request: chasquid 1.13-1
Next by thread: Re: Upload request: chasquid 1.13-1
Index(es):
- Date
- Thread