Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439

To: submit@bugs.debian.org
Subject: Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 14 Apr 2015 22:12:01 +0200
Message-id: <[🔎] 20150414201201.GA23238@home.ouaza.com>
Reply-to: Raphael Hertzog <hertzog@debian.org>, 782615@bugs.debian.org

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: binnmu
Severity: normal

Hello,

I'm wondering whether bin-NMU are possible in squeeze-lts for packages
which are not in squeeze-lts but in squeeze only.

My question is related to the handling of
https://security-tracker.debian.org/tracker/CVE-2013-7439

I have uploaded a fixed libx11 package in squeeze-lts but the packages
listed in the comment will have to be rebuilt in squeeze against
libx11-dev 2:1.3.3-4+squeeze2 available in squeeze-lts.

If it's possible, feel free to schedule the bin-NMU on amd64 and i386
as soon as the packages are built (or combine them with an appropriate
dep-wait I guess).

nmu libxrender_1:0.9.6-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxrender_1:0.9.6-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxi_2:1.3-8 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxi_2:1.3-8 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxfixes_1:4.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxfixes_1:4.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxrandr_2:1.3.0-3+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxrandr_2:1.3.0-3+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libsdl1.2_1.2.14-6.1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libsdl1.2_1.2.14-6.1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxv_2:1.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxv_2:1.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxp_1:1.0.0.xsf1-2+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxp_1:1.0.0.xsf1-2+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu xserver-xorg-video-vmware_1:11.0.1-2 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw xserver-xorg-video-vmware_1:11.0.1-2 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu cairo_1.8.10-6 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw cairo_1.8.10-6 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxext_2:1.1.2-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxext_2:1.1.2-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu open-vm-tools_1:8.4.2-261024-1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw open-vm-tools_1:8.4.2-261024-1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"


Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to:

Prev by Date: Draft for a LTS press release
Next by Date: Re: [debian-lts] libvncserver package
Previous by thread: Re: [debian-lts] libvncserver package
Next by thread: squeeze update of commons-httpclient
Index(es):
- Date
- Thread