
Re: [debian-lts]libevent package



Hi,

On Thu, 15 Jan 2015, Nguyen Cong wrote:
> Could any one please review it and give me some comments.

I include my comments below but for your next contributions, I would like
you to also prepare the small paragraph of explanation that we need to put
in the announcement that we send to debian-lts-announce. That would save us
a little bit of time.

> +libevent (1.4.13-stable-1~deb6u1) squeeze-lts; urgency=low

The version is not correct, it needs to use "+" instead of "~" because
"1.4.13-stable-1~deb6u1" is lower than the current "1.4.13-stable-1" and
it would thus not be accepted. We use the tilde when we backport a new
upstream version so that the version is lower than the non-backported
version (in jessie/unstable).

> +  * Non-maintainer upload.

It's nice to mention that this is work done in the context of the LTS team
so I tend to write "Non-maintainer upload by the Debian LTS team".

> +  * Fix potential heap overflow in buffer/bufferevent APIs as in CVE-2014-6272
> +    Refer to upstream commit: 7b21c4eabf1f3946d3f63cce1319c490caab8ecf
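
Review bot: the changelog header keeps urgency=low although this entry fixes a heap overflow tracked as CVE-2014-6272; consider urgency=medium or urgency=high, the usual convention for security uploads, so the entry itself signals a security fix. The bare commit hash on the "Refer to upstream commit" line would also be easier to audit if it were a full link to the upstream change.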

Since we don't have any patch header here, it's nice to include a URL
to the upstream patch that we used.

Also since there is an associated Debian bug, it's good to add the bug
closure so that the BTS knows that the bug has also been fixed in the
squeeze branch.

I fixed all those small issues and I uploaded the resulting package.

Thank you!
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

