Quoting Alexander Golovko (alexandro@ankalagon.ru): > Package: release.debian.org > Severity: normal > User: release.debian.org@packages.debian.org > Usertags: unblock > > Hi! > > Please unblock bacula-* packages, it fixes multiple bugs, include > CVE-2012-4430, crashes and debian policy violations: > > #687923 - security issue CVE-2012-4430 > #688732 - bacula-fd save only first xattr on file > #682733 - unowned files after purge > #680051 - switch between bacula-director-<dbtype> > #679958 - incorrect systemd service file > Fix unsafe bacula-director passwords. > Fix bacula-fd crash on saving xattr on btrfs. > > > Also new version include useful for DSA team [1] security improvement - > ability to run bacula-fd without root privileges (#683080) > > > There are also other changes in packages, i don't know need you see > more detailed description about this changes. Most of them are > not so important bugfixes, as listed above and several minor > wishlistes, that should not affect to stability. > > Thank you very much! > > > [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683080#75 > > > unblock bacula/5.2.6+dfsg-5 Among other things, that would break completeness for l10n in testing. OK, admitedly, we have a running update round but nothing at this point guarantees me that l10n updates will be accepted eternally by the release team. At some point, even those will be blocked. And I don't want to risk blocking one of the i18n team goals. My understanding was that the debconf changes you had in unstable were *not* meant for wheezy. So, it seems that this release mixes release-critical fixes and non critical fixes. Therefore, and even though my advice is only....an advice...as I'm not a release team member, I would like to object to this unblock. Given that bacula version in unstable now implements the non critical fixes, I guess that your only option is uploading them through testing-proposed-updates, if the release team doesn't grant the unblock.
Attachment:
signature.asc
Description: Digital signature