Bug#861120: pre-approval: security update of apt-cacher/1.7.13

To: Mark Hindley <mark@hindley.org.uk>, 861120@bugs.debian.org
Subject: Bug#861120: pre-approval: security update of apt-cacher/1.7.13
From: Niels Thykier <niels@thykier.net>
Date: Tue, 02 May 2017 05:31:00 +0000
Message-id: <[🔎] a6668974-94e2-4454-69c0-d6054334de05@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 861120@bugs.debian.org
In-reply-to: <20170424190430.27486.98110.reportbug@apollo>
References: <20170424190430.27486.98110.reportbug@apollo>

Control: tags -1 confirmed moreinfo

Mark Hindley:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> As the maintainer of apt-cacher I would like to seek pre-approval for an update
> to apt-cacher/1.7.13 in testing to fix a security issue.
> 
> CVE-2017-7443 identified a HTTP splitting security issue (#858739) in
> apt-cacher. This was fixed in unstable with upload of version 1.7.15 on 25th
> March with no regressions reported since. Targeted updates have already been
> made to wheezy and approved for jessie (with upload pending).
> 
> apt-cacher 1.7.13 in testing is still vulnerable. I have packaged 1.7.13+debu9u1
> with a targeted backport of the fix. I would like to seek pre-approval of upload
> to testing.
> 
> The debdiff against 1.7.13 is:
> 
> Changes at debian/1.7.13
> 	Modified   apt-cacher
> [...]
> 
> Thanks,
> 
> Mark
> 
> [...]
> 

Ack, please go ahead and remove the "moreinfo" tag once the upload has
been carried it out.

Thanks,
~Niels

Reply to:

Follow-Ups:
- Bug#861120: pre-approval: security update of apt-cacher/1.7.13
  - From: Mark Hindley <mark@hindley.org.uk>

Prev by Date: Bug#861628: unblock: mediawiki/1:1.27.3-1
Next by Date: Processed: Re: Bug#861120: pre-approval: security update of apt-cacher/1.7.13
Previous by thread: Bug#861628: marked as done (unblock: mediawiki/1:1.27.3-1)
Next by thread: Processed: Re: Bug#861120: pre-approval: security update of apt-cacher/1.7.13
Index(es):
- Date
- Thread