Re: Stable update of dajaxice
2011/2/26 Thijs Kinkhorst <thijs@debian.org>:
> Hi Angel,
>
> On Thursday 24 February 2011 12:27:21 Angel Abad wrote:
>> 2011/2/24 Adam D. Barratt <adam@adam-barratt.org.uk>:
>> > Hi,
>> >
>> > On Thu, February 24, 2011 10:16, Angel Abad wrote:
>> >> I've prepared an upload to stable for package dajaxice, since
>> >> python-django was patched for problems related with crsf cookies,
>> >> dajaxice is unusable in squeeze.
>> >
>> > Was this issue introduced as a side-effect of the changes in DSA-2163-1,
>> > specifically those marked as backwardly-incompatible? If so then it
>> > would be good if this could also be fixed via the security archive, as
>> > the regression was introduced in a security update (albeit in a
>> > different package); I've CCed the security team for comment.
>>
>> Yes, you are right is a side-effect of DSA-2163-1 - CVE-2011-0696
>
> Please upload the package to security-master then. Note that you need to
> change the target in the changelog and build the package with full source (-sa
> flag). Full checklist of packages for security-master is here:
> http://www.debian.org/doc/developers-reference/pkgs.html#bug-security-building
>
> The security team will then take care of releasing it through security-master.
Uploaded,
Thanks for your help in my first security upload.
Regards!
> Cheers,
> Thijs
>
--
Angel Abad
angelabad@gmail.com | angelabad@ubuntu.com | angelabad@fsfe.org
http://www.pastelero.net
FPR: EBF6 080D 59D4 008A DF47 00D4 098D AE47 EE3B C279
Reply to: