Re: Allow pyrad 1.2-1+deb7u1 into wheezy
Hi all
On Sun, Feb 17, 2013 at 12:19:00AM +0000, Jonathan Wiltshire wrote:
> On Sun, Feb 17, 2013 at 12:16:32AM +0100, Jeremy Lainé wrote:
> > Dear release team,
> >
> > Yesterday the following security vulnerability in the "pyrad"
> > package was brought to my attention by Salvatore Bonaccorso:
> >
> > https://security-tracker.debian.org/tracker/CVE-2013-0294
> >
> > It is tracked in the following bug:
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700669
> >
> > I have uploaded version 1.2-1+deb7u1 targeted at
> > testing-proposed-updates (debdiff attached), as unstable carries a
> > different upstream version. Could you please let this version into
> > wheezy?
>
> It's traditional to seek approval *before* uploading; more so in this case
> since adding a patch system is a no-no. The change itself is fine, please
> upload with this only. You will have to bump the version number IIRC.

I was involved in reporting the problem. I have now noticed a possible
problem with the versioning:

Current situation:

pyrad | 1.2-1        | squeeze    | source
pyrad | 1.2-1        | wheezy     | source
pyrad | 1.2-1+deb7u1 | wheezy-p-u | source
pyrad | 2.0-2        | sid        | source

Assuming there will also be either a DSA or a pu for pyrad, how should
that be versioned? Traditionally for Squeeze it was +squeeze1, but:

1.2-1 <= 1.2-1+deb7u1

but

1.2-1+squeeze1 is not smaller than 1.2-1 or 1.2-1+deb7u1.

Regards,
Salvatore