Bug#861120: pre-approval: security update of apt-cacher/1.7.13
Control: tags -1 confirmed moreinfo
Mark Hindley:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> As the maintainer of apt-cacher I would like to seek pre-approval for an update
> to apt-cacher/1.7.13 in testing to fix a security issue.
>
> CVE-2017-7443 identified a HTTP splitting security issue (#858739) in
> apt-cacher. This was fixed in unstable with upload of version 1.7.15 on 25th
> March with no regressions reported since. Targeted updates have already been
> made to wheezy and approved for jessie (with upload pending).
>
> apt-cacher 1.7.13 in testing is still vulnerable. I have packaged 1.7.13+debu9u1
> with a targeted backport of the fix. I would like to seek pre-approval of upload
> to testing.
>
> The debdiff against 1.7.13 is:
>
> Changes at debian/1.7.13
> Modified apt-cacher
> [...]
>
> Thanks,
>
> Mark
>
> [...]
>
Ack, please go ahead and remove the "moreinfo" tag once the upload has
been carried it out.
Thanks,
~Niels
Reply to: