[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection

Hi Thorsten,

On Sat, Aug 12, 2017 at 05:26:22PM +0000, Thorsten Glaser wrote:
> Hi LTS team,
> >>On Sat, Aug 12, 2017 at 12:36:57PM +0200, SC)bastien Delafond wrote:
> >>>For wheezy, you'll need to check directly with the Debian LTS team, that
> >>>can be reached via debian-lts@lists.debian.org.
> is the attached debdiff ok to upload? (Specifically, is the distribution
> in the changelog set correctly?) Obviously, I’ll build it in a wheezy
> cowbuilder first.

Yes, that looks correct.  You could also do a source-only upload
(assuming that you have otherwise built/tested in a wheezy environment).

> How do I upload, i.e. to what queue do I dput, and do I use -sa?
You can dput to security-master like a normal security update and -sa
would likely get the upload rejected as the .orig.tar.gz is already in
the archive.



Roberto C. Sánchez

Attachment: signature.asc
Description: Digital signature

Reply to: