Re: Updating rush_1.7+dfsg-1 due to CVE-2013-6889.
Hi,
On Fri, 2014-01-24 at 18:51 +0100, Mats Erik Andersson wrote:
> I would like to pledge for an update of the package
>
> rush_1.7+dfsg-1
>
> within the stable release. The cause is CVE-2013-6889:
For future reference, please file such requests via the BTS; this makes
things much easier for us to track, and reportbug will automatically add
the appropriate tags for you when filing a report.
The only change I'd ask for to the supplied debdiff is:
+rush (1.7+dfsg-1+deb7u1) stable-security; urgency=high
Whilst this will work to get the package in to proposed-updates, it's
potentially confusing for users as the package was not provided via the
security archive; please use the distribution "wheezy" instead.
With the above change, please go ahead; thanks.
Regards,
Adam
Reply to: