
Bug#776186: busybox: CVE-2014-9645



Moritz Muehlenhoff <jmm@inutil.org> (2015-03-02):
> > NACK, it won't make it into testing this way.
> > 
> > See <20150106090747.GC27249@ugent.be> and mails before that.
> > 
> > Haven't had a chance to upload what I proposed, but I can look at
> > including your changes on top of mine, somewhen today. (It was
> > basically waiting on the d-i release, which happened earlier.)
> 
> I'm slightly confused here. Is 1:1.22.0-9+deb8u1 different from
> the upload you mentioned above? 

It's basically the same thing as I proposed initially, but with
different changes in the git history because 1. the maintainer was
calling me a liar; and 2. the uploader didn't want to touch git, so the
end result is a single commit stating that the NMU was imported, with
the bug closure.

> jessie has CVE-2014-4607 fixed, but not CVE-2014-9645 (which isn't
> terribly severe and which could be tagged no-dsa if no further
> busybox upload is planned for jessie).

I guess someone with enough time could stack this extra change on top of
the jessie branch, and either let it stay there, or upload the package
at the same time.

Sorry, I lost track of that extra fix and didn't think of it when Mehdi
proposed NMUing it for the first CVE fix.

Mraw,
KiBi.
