Re: New proposed-updates diff: quassel 0.8.0-1+deb7u2

To: Thomas Mueller <thomas.mueller@tmit.eu>
Cc: debian-release@lists.debian.org
Subject: Re: New proposed-updates diff: quassel 0.8.0-1+deb7u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 04 Jul 2014 16:09:02 +0100
Message-id: <acdd743c4dc4224119e39b247e605110@mail.adsl.funky-badger.org>
In-reply-to: <E1X343z-0000F4-Nh@franck.debian.org>
References: <E1X343z-0000F4-Nh@franck.debian.org>

Hi,

On 2014-07-04 15:02, Debian Queue Viewer wrote:

+quassel (0.8.0-1+deb7u2) wheezy; urgency=medium
+
+ The certificate in /var/lib/quassel/quasselCert.pem was accessibleby+ all local users on this server which allows users to deciphertraffic between
+  quassel core and connected clients.
+ We suggest to generate a new certificate to ensure securecommunication.
+
+ -- Thomas Mueller <thomas.mueller@tmit.eu> Thu, 03 Jul 2014 14:42:18+0200

It appears that this issue also applies to the quassel package inunstable, and has not been fixed there. What's the plan for getting thatresolved? (I'm also curious as to whether this would have been bettersuited to a security upload, fwiw.)

For future reference, where the issue affects both stable and unstable,it's expected that the fix will be applied to unstable before looking atan upload to stable (the security team may be happy to accept fixes inadvance of sid being fixed, but they can also release regression fixesmuch more quickly).


Regards,

Adam

Reply to:

Follow-Ups:
- Re: New proposed-updates diff: quassel 0.8.0-1+deb7u2
  - From: Thomas Müller <thomas.mueller@tmit.eu>

Prev by Date: Bug#753694: wheezy-pu: package libflickr-api-perl/1.01-3+deb7u1
Next by Date: Re: New proposed-updates diff: quassel 0.8.0-1+deb7u2
Previous by thread: Processed: block 753522 with 753694
Next by thread: Re: New proposed-updates diff: quassel 0.8.0-1+deb7u2
Index(es):
- Date
- Thread