[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Shadow updates for sarge (was: )Re: Packages awaiting proposed-updates moderation)

(this mail summarizes the situation for shadow in sarge)

Quoting Martin Zobel-Helas (zobel@ftbfs.de):
> Hi,
> for those who wonder why their package did not yet hit proposed-updates,
> they want to have a look on [1] and [2].
> The backlog we had is now decreasing, d-i builds should have been
> started by now.

The shadow package you have pending (4.0.3-31sarge7) must be synced
with the security update that's in the hands of the security team.

The security team has been provided with a fix for CVE-2006-3378. The
diff.gz I provided them is numbered 4.0.3-31sarge6. It DOES NOT
include the update related to #356939 which is included in
4.0.3-31sarge7 that's in your hands (SRM team).

So, we currently have two updates pending for shadow:

-31sarge6 with the CVE-2006-3378 fix, in the hands of the security
-31sarge7 with the fix related to #356939, in the hands of the SRM

Ideally, a version with both fixes should go in proposed-updates as
soon as 31sarge6 is accepted by the security team. That version should
be numbered 31sarge8.

Another option is to build 31sarge6 with BOTH fixes, of course. This
"just" needs syncing between the SRM team, the security team and
probably the ftpmasters.

Given that I'm away for 3 weeks from now, I leave all this in the
hands of my co-maintainer, Nicolas François (nekral on IRC). Please
get in touch with him for ANY issue related to shadow (please CC me or
pkg-shadow-devel@lists.alioth.debian.org). His mail address is CC'ed
to this mail and he is mentioned in the package Uploaders.

Nicolas may need sponsored uploads as he's not a DD. 

Attachment: signature.asc
Description: Digital signature

Reply to: