[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cinnamon security issue caused by segfault in caribou (as regression of xorg CVE-2020-25712 fix)

Hi Fabio,

On Sat, 16 Jan 2021, Fabio Fantoni wrote:
> Yesterday not seeing any answer on debian I prepared a MR on caribou
> that solves the problem:
> https://salsa.debian.org/gnome-team/caribou/-/merge_requests/2
> I already tested tested build
> (http://debomatic-amd64.debian.net/distribution#unstable/caribou/0.4.21-7.1~/buildlog
> <http://debomatic-amd64.debian.net/distribution#unstable/caribou/0.4.21-7.1~/buildlog>),
> installed and verified that issue is not reproducible anymore.
> I should do other things to make possible apply it ASAP?

Please do
* send an email to the bug report clearly stating that you will NMU
  this, and attach the debdiff (nmudiff)
  State that you will upload directly (without delay) after 7 days
  according to https://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu
* wait and hope

* upload *now* to DELAY/9
* write to the bug report that according to (above link), after 7 days
  of no activity a 0-delay is fine, and even if there is activity 
  a delay/2 is fine - that gives in sum at max a delay/9

That way we can do that now and forget about it ;-)

If you need the actual upload done, please prepare the package and send
me either a dget-able .dsc source, or the package.



PREINING Norbert                              https://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Reply to: