Re: smuxi is marked for autoremoval from testing

[Mirco Bauer <meebey@meebey.net>]

 

On Wed, Mar 17, 2021 at 4:13 AM Moritz Mühlenhoff <jmm@inutil.org> wrote:

> Having identified the offending code the fix is a one line change on the
> other hand. I plan to upload a fixed version of log4net in the coming days.

What's the status of that upload? Patch is at
https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7

After some struggles with my pbuilder setup I have pushed the backported fix for CVE-2018-1285 to salsa [0].

Since I don't have access to my PGP key during the pandemic, I am looking for a sponsor for the upload of HEAD [1].

The source package builds from HEAD as 1.2.10+dfsg-8 and is ready for a build with gbp and upload.

 [0]: https://salsa.debian.org/dotnet-team/log4net/-/commit/3f6f2fa7927ceb8c7dd72e4f8cf4194ad3779bc6

 [1]: https://salsa.debian.org/dotnet-team/log4net/-/commit/a1a1620bb68b815713e7408824be04825e544c27

Best regards,

Mirco Bauer

Security Architect      mirco.bauer@bitgamelabs.com https://bgl.hk/

FOSS Hacker             meebey@meebey.net  https://www.meebey.net/
Debian Developer        meebey@debian.org  http://www.debian.org/
GNOME Foundation Member mmmbauer@gnome.org http://www.gnome.org/
.NET Foundation Advisory Council Member    http://www.dotnetfoundation.org/
PGP-Key ID              0x7127E5ABEEF946C8 https://meebey.net/pubkey.asc