
Re: Security update of nettle



On Friday, 5 August 2016 at 22:16:29, Ola Lundqvist wrote:
> Hi Magnus and LTS team
> 
> Magnus, Niels and I have been discussing the nettle update due to
> https://security-tracker.debian.org/tracker/CVE-2016-6489
> 
> Magnus has started to prepare a wheezy update but had a few
> questions. Here is some information that you should know about.
> https://wiki.debian.org/LTS/Development
> 
> One question from Magnus was what should be mentioned in the changelog.
> I suggest something like this:
> "Protect against potential timing attacks against exponentiation operations
> as described in CVE-2016-6489 RSA code is vulnerable to cache sharing
> related attacks."

Hmm, that sounds like two sentences in one...

> Magnus, please let me know if you want to upload the correction too and
> whether you want to issue the DLA or whether you want me to do that. We
> want to time the DLA and the upload so they are close to each other in time.

I think you can do that. But I should coordinate with the stable security team 
too. I suppose you're not involved with that?

> Magnus, if you decide to build the package for upload, please make sure to
> use the -sa option as wheezy-security needs to know about the orig tar file.
> If not, the package upload will be rejected.

OK, thanks.

-- 
Magnus Holmgren        holmgren@debian.org
Debian Developer 
