Re: Wheezy update of hplip for CVE-2015-0839

[Ola Lundqvist <ola@inguza.com>]

Hi Didier

Some comments on the debdiff.

The release name for wheezy is wheezy-security, not stable-security
(nor oldstable-security).

Apart from that I think the change looks fine to me. Will you send out
the DLA regarding this or do you want me to do that?

Please have a look here to see the work-flow:
https://wiki.debian.org/LTS/Development

If you want me to send the DLA, please let me know.

If you decide to send out the DLA yourself, please make sure the
package is accepted in the archives before you send out the DLA.
It may not be accepted due to missing .orig file for example. I think
you need to included the .orig file as this update is new to
wheezy-security repo.

Best regards

// Ola


On 27 December 2016 at 14:21, Didier 'OdyX' Raboud <odyx@debian.org> wrote:
> Dear LTS Team,
>
> I'd like to get CVE-2015-0839 fixed in wheezy, it's a no-DSA issue, and
> security team members suggested to get it fixed in stable and oldstable.
>
> This bug is a simple 'fetching gpg key from keyservers with a short
> keyid' problem, and upstream's fix is to use the full fingerprint.
>
> The debdiff is attached, can I upload as -is ?
>
> Cheers,
>         OdyX



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------