Re: New proposed-updates diff: quassel 0.8.0-1+deb7u2
Hi,
upload to stable will follow asap - I did focus on fixing stable first because of Debian 7.6 being frozen this weekend.
Take care,
Thomas
Am Freitag, den 04.07.2014 um 17:09 schrieb Adam D. Barratt:
> Hi,
>
> On 2014-07-04 15:02, Debian Queue Viewer wrote:
> > +quassel (0.8.0-1+deb7u2) wheezy; urgency=medium
> > +
> > + The certificate in /var/lib/quassel/quasselCert.pem was accessible
> > by
> > + all local users on this server which allows users to decipher
> > traffic between
> > + quassel core and connected clients.
> > + We suggest to generate a new certificate to ensure secure
> > communication.
> > +
> > + -- Thomas Mueller <thomas.mueller@tmit.eu> Thu, 03 Jul 2014 14:42:18
> > +0200
>
> It appears that this issue also applies to the quassel package in
> unstable, and has not been fixed there. What's the plan for getting that
> resolved? (I'm also curious as to whether this would have been better
> suited to a security upload, fwiw.)
>
> For future reference, where the issue affects both stable and unstable,
> it's expected that the fix will be applied to unstable before looking at
> an upload to stable (the security team may be happy to accept fixes in
> advance of sid being fixed, but they can also release regression fixes
> much more quickly).
>
> Regards,
>
> Adam
>
Reply to: