Re: [RFC] Collecting changelog entries in projectb
On Fri, 26 Feb 2010 at 11:21:08 +0000, Philipp Kern wrote:
> Post-upload corrections?
I assume Charles refers to this practice: imagine I maintained hello, and
uploaded upstream release 6.6 without initially realising that it contained
a security fix:

hello (6.6-1) unstable; urgency=low

  * New upstream release.

 -- Simon McVittie <smcv@debian.org>  Tue, April 1, 2038 09:00:00 +0000

Then in a later upload, I'd want to correct that:

hello (6.6-2) unstable; urgency=medium

  * Add patch from upstream to fix build on knetbsd-mipsel and
    knetbsd-toaster (Closes: #666666)
  * Retroactively note CVE number for 6.6-1

 -- Simon McVittie <smcv@debian.org>  Wed, April 2, 2038 09:00:00 +0000

hello (6.6-1) unstable; urgency=low

  * New upstream release.
    - Fixes a buffer overflow in excessively long greetings (CVE-2038-001)

 -- Simon McVittie <smcv@debian.org>  Tue, April 1, 2038 09:00:00 +0000

(I conjecture that by 2038, Debian will run on toasters, GNU hello will
be security-sensitive, and we'll still be fixing buffer overflows...)
S
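
An added example, not part of the original message or of any Debian tool: one way a changelog collector could notice the practice described above, where a later upload rewrites an entry that was already uploaded. The function names are hypothetical, and the sample input is the two uploads from the message with the standard changelog layout assumed.

```python
import re

# One entry: "package (version) dist; urgency=..." header, body, then the " -- " trailer.
ENTRY = re.compile(r"^(\S+) \(([^)]+)\) [^\n]*\n(.*?)^ -- ", re.M | re.S)
# Loose pattern so the message's illustrative "CVE-2038-001" matches too.
CVE = re.compile(r"CVE-\d{4}-\d+")

def parse_changelog(text):
    """Return {(package, version): [non-blank change lines]} (hypothetical helper)."""
    return {(pkg, ver): [ln.strip() for ln in body.splitlines() if ln.strip()]
            for pkg, ver, body in ENTRY.findall(text)}

def retroactive_edits(old_text, new_text):
    """Map each entry present in both uploads whose body changed to the CVE ids it gained."""
    old, new = parse_changelog(old_text), parse_changelog(new_text)
    report = {}
    for key in old.keys() & new.keys():
        if old[key] != new[key]:
            gained = set(CVE.findall(" ".join(new[key]))) - set(CVE.findall(" ".join(old[key])))
            report[key] = sorted(gained)
    return report

# Sample input: the two uploads from the message, standard changelog layout assumed.
UPLOAD_1 = """\
hello (6.6-1) unstable; urgency=low

  * New upstream release.

 -- Simon McVittie <smcv@debian.org>  Tue, April 1, 2038 09:00:00 +0000
"""
UPLOAD_2 = """\
hello (6.6-2) unstable; urgency=medium

  * Add patch from upstream to fix build on knetbsd-mipsel and
    knetbsd-toaster (Closes: #666666)
  * Retroactively note CVE number for 6.6-1

 -- Simon McVittie <smcv@debian.org>  Wed, April 2, 2038 09:00:00 +0000

hello (6.6-1) unstable; urgency=low

  * New upstream release.
    - Fixes a buffer overflow in excessively long greetings (CVE-2038-001)

 -- Simon McVittie <smcv@debian.org>  Tue, April 1, 2038 09:00:00 +0000
"""

if __name__ == "__main__":
    print(retroactive_edits(UPLOAD_1, UPLOAD_2))
```

A collector that stores only the newest entry of each upload would record 6.6-1 without the CVE; comparing the older entries of every new upload against what was stored is what surfaces the correction.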