
Binary NMU requested for mailman in sarge [was: mailman 2.1.5-8sarge3: screwup between security and maintainer upload]



On Wed, Sep 06, 2006 at 12:03:34PM +0200, Lionel Elie Mamane wrote:

> There seems to have been a screw-up in handling of mailman security
> and stable updates: There are two different mailman packages in Debian
> with version number 2.1.5-8sarge3.

>  -8sarge3 maintainer update (that got frozen waiting for -8sarge2 to
>   happen in order not to conflict with it) to fix bug #358575, a
>   severity critical bug.

>  -8sarge3 security update to fix:
>   format string vulnerability [src/common.c, debian/patches/72_CVE-2006-2191.dpatch]
> 

> The situation right now:

>  - sarge r3 contains mailman 2.1.5-8sarge3, but some architectures
>    have the security update (such as i386) and others have the
>    maintainer update (such as source, sparc and alpha).

>    Thus all architectures are screwed up in one way or the other.

> Stable release team, please react accordingly; you may for example
> do a binary sourceless NMU for the architectures that have -8sarge3
> the security update so that they all have -8sarge3 the maintainer
> update.

I have now heard about what the security problem addressed in -8sarge3
the security update is. It is believed not to be exploitable. I thus
now officially request a binary NMU to replace -8sarge3 the security
update by -8sarge3 the maintainer update on the arches that have
-8sarge3 the security update.

-- 
Lionel


