Bug#775165: nmu: binutils-mingw-w64_2 (wheezy-security, wheezy-p-u)
On Mon, 2015-01-12 at 09:52 +0100, Stephen Kitt wrote:
> Le 12/01/2015 08:15, Adam D. Barratt a écrit :
> > On Mon, 2015-01-12 at 06:47 +0100, Stephen Kitt wrote:
> >> binutils was recently updated in wheezy-security and wheezy-p-u to fix
> >> a number of security issues identified in DSA-3123-1; of these, a
> >> number concern binutils-mingw-w64 as well, so it would be great if it
> >> could be rebuilt in those suites... (It will pick up the patches from
> >> binutils-source.)
> >
> > We won't schedule binNMUs in -security for packages that DSAs haven't
> > been issued for, at least not without the security team's request /
> > agreement - it's just going to confuse everyone.
>
> Right, I should have mentioned that Michael Gilbert suggested I file
> this after I asked what I should do about the DSA. I've asked the
> security team to confirm this request.
Okay, thanks for the explanation. We'll hold off until that's confirmed.
> >> nmu binutils-mingw-w64_2 . ALL . -m "Rebuild for DSA-3123-1
> >> (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737, CVE-2014-8738)."
> >
> > For suites other than unstable, the suite name needs to be specified in
> > the call (the above will simply fail, as wanna-build won't find the
> > specified version in unstable).
>
> Indeed, sorry about that:
>
> nmu binutils-mingw-w64_2 . ALL . wheezy-proposed-updates . -m "Rebuild
> for DSA-3123-1 (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737,
> CVE-2014-8738)."
> nmu binutils-mingw-w64_2 . ALL . wheezy-security . -m "Rebuild for
> DSA-3123-1 (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737,
> CVE-2014-8738)."
fwiw we won't do both of those. If the package is binNMUed in -security
then the packages will get copied from there to p-u, as they do for
source uploads.
Regards,
Adam
Reply to: