Control: tag -1 confirmed David Prévot <taffit@debian.org> (2013-09-29): > Hi, > > As agreed with the security team and the current maintainer, we’d like > to include this security fix via the upcoming point release, because the > package has a low popcon and requires a very unusual configuration to > trigger the flaw (but with such a configuration, it completely > undermines the security model perspectives attempts to provide). > > The proposed update aim to fix the issue disclosed recently on the > upstream project website [1] and the upstream bug tracker [2]. > > 1: http://perspectives-project.org/2013/09/19/security-alert-incorrect-quorum-with-low-number-of-notaries-andor-low-quorum-percentage/ > 2: https://github.com/danwent/Perspectives/issues/87 > > The two upstream commits to fix this issue (cb3d991 and 1f85a52) apply > properly into stable once fe6551e is also applied, thus the three > patches. > > Regards > > David > > P.-S.: The fix “already” made it to Jessie. It would be nice if this could be tracked in the Debian BTS as well, both for users and for pu reviewers. Changes look good to me (as far as I can parse JS anyway), feel free to upload with a closes: added once you have opened a bug report to track this issue. Thanks already. Mraw, KiBi.
Attachment:
signature.asc
Description: Digital signature