[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of irssi?

On Fri, 25 Nov 2016, Rhonda D'Vine wrote:
> > After futher review, I opted to tag this no-dsa meaning that we will
> > not handle the issue by ourselves. This information leak is only
> > problematic when you run irssi on a multi-user machine and
> > when you use /upgrade.
>  That's correct.

Thanks for confirming!

> > This is not a very frequent use case. That said you are still
> > welcome to provide an update in wheezy if you wish so.
>  Interestingly enough, I tried to push it last night but fumbled with
> having forgotten to include the .orig.tar.gz into it.  I will try so
> again the coming night.

Yes, the first upload to security.debian.org needs to be built with "-sa"
to include the upstream tarball.

That's one of the downsides to using security.debian.org vs a normal
suite on ftp-master.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to: