Control: tag -1 confirmed Julien Cristau <jcristau@debian.org> (2014-11-10): > On Mon, Nov 10, 2014 at 16:28:28 +0000, Simon McVittie wrote: > > > Please unblock package dbus to pick up the denial of service fix > > that I just released (CVE-2014-7824): > > > > unblock dbus/1.8.10-1 > > > > The new upstream release does not introduce any changes other than > > the security fix and the new version metadata, so I imported it > > as-is rather than doing a trivial "backport". > > > > I attach a filtered source debdiff with autotools noise excluded > > (we re-generate the autotools files with autoreconf during the build > > anyway), and a full source debdiff. > > > cc-ing d-i release manager to ack the udeb unblock. Approved from the > -release side. I was a bit surprised not to see the d-i build fetch packages from unstable I stored into build/localudebs, but it appears dbus isn't used in d-i yet; it probably would be if we switched to gtk3 (the packages mentioned as reverse dependencies are those I filed bug reports against because they were uninstallable at first). Checking older build logs, I don't see any match for dbus-udeb or its library udeb, so no objection. (You'll find the reverse dependency graph attached.) Mraw, KiBi.
Attachment:
libdbus-1-3-udeb.png
Description: PNG image
Attachment:
signature.asc
Description: Digital signature
