
Bug#685961: pu: package alpine/2.00+dfsg-6+squeeze1



Control: tags -1 + squeeze confirmed

On Sun, 2012-08-26 at 18:48 -0700, Asheesh Laroia wrote:
> (This is my first stable proposed update, so if I get a process item wrong,
> please pardon me and help me correct it. Thanks!)

Overall, it looks good; thanks. :-)

> Bug #653238 describes a crasher bug, possibly a security vulnerability, in
> alpine. The security team has indicated on the bug that they're not going to
> open a Debian Security Advisory for the alpine bug, and indicate, "You/the
> maintainer may choose to fix it in (old)stable through a point update, or leave
> it at this." I choose to update stable through a point update.

I assume from reading through the bug report that the issue does not
affect the version of alpine currently in wheezy / sid?  If so, please
add an appropriate fixed version to make this clear.

> I've prepared a minimal package update that adds the patch that fixes the
> issue. I've tested that it builds fine in a stable pbuilder; before uploading,
> I have tested it on a machine running stable, where it works fine.

Assuming my comment above about the issue not affecting wheezy and sid
is correct, please feel free to go ahead with the upload, having updated
the bug report as above.

Oh, actually:

+alpine (2.00+dfsg-6+squeeze1) squeeze; urgency=low

That's fine, but there's currently a dak bug which means that "squeeze"
in the distribution doesn't work; you'll need to either make it
"stable", or wait for the dak bug to get fixed.  (#685807)

> As a footnote: I believe the process on my end is:
> 
> * Get y'all's approval
> * Upload the package using "dput ftp-master alpine_2.00+dfsg-6+squeeze1.dsc"
> (with a binary package, as usual in Debian)
> * Watch it flow through into squeeze-updates with no further effort from me

Almost, except it'll hit proposed-updates (once a member of the release
team has flagged it appropriately to dak).  squeeze-updates is a
particular subset of p-u which is made separately available earlier than
the point release (of course p-u is publicly available anyway, but not
everyone wants to enable it in their sources.list on stable machines).

Regards,

Adam

