Le 12/01/2015 08:15, Adam D. Barratt a écrit :
On Mon, 2015-01-12 at 06:47 +0100, Stephen Kitt wrote:binutils was recently updated in wheezy-security and wheezy-p-u to fix a number of security issues identified in DSA-3123-1; of these, a number concern binutils-mingw-w64 as well, so it would be great if it could be rebuilt in those suites... (It will pick up the patches from binutils-source.)We won't schedule binNMUs in -security for packages that DSAs haven't been issued for, at least not without the security team's request / agreement - it's just going to confuse everyone.
Right, I should have mentioned that Michael Gilbert suggested I file this after I asked what I should do about the DSA. I've asked the security team to confirm this request.
nmu binutils-mingw-w64_2 . ALL . -m "Rebuild for DSA-3123-1 (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737, CVE-2014-8738)."For suites other than unstable, the suite name needs to be specified in the call (the above will simply fail, as wanna-build won't find the specified version in unstable).
Indeed, sorry about that:nmu binutils-mingw-w64_2 . ALL . wheezy-proposed-updates . -m "Rebuild for DSA-3123-1 (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737, CVE-2014-8738)." nmu binutils-mingw-w64_2 . ALL . wheezy-security . -m "Rebuild for DSA-3123-1 (CVE-2014-8501, CVE-2014-8502, CVE-2014-8737, CVE-2014-8738)."
Regards, Stephen