Your message dated Mon, 9 Mar 2015 14:13:00 +0100 with message-id <20150309131259.GB7464@ugent.be> and subject line Re: Bug#778338: unblock: file/1:5.22+15-1 has caused the Debian Bug report #778338, regarding unblock: file/1:5.22+15-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 778338: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778338 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: file/1:5.22+15-1
- From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
- Date: Fri, 13 Feb 2015 18:10:30 +0100
- Message-id: <1423847230@msgid.manchmal.in-ulm.de>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Short version: Please unblock file 1:5.22+15-1 It entered unstable a few weeks ago, I did extensive testing before upoading and no issues have been reported. However, switching to a new upstream version still requires a longer explanation. Since the latest version in jessie (1:5.20-2), at least six¹ security issues were fixed upstream. The usual way to handle this in Debian was to cherry-pick the relevant commits from upstream. Together with the required prerequsites, this would have resulted in some 18 commits to add to the patch queue, creating a complex start for file in jessie. My decision to forward to a new upstream version (plus some more commits) instead was also driven by the experience of backporting fixes for wheezy and squeeze-lts which became quite complex, always carrying the risk of introducing new bugs. For jessie, I'd like to start at a late point so fixing future security bugs will be easier. Note, I have not attached the debdiff as it's rather huge, some 69k lines. I will hand it in later upon request. Kind regards, Christoph ¹ <https://security-tracker.debian.org/tracker/source-package/file> Unless noted in the tracker, the sid version of file does contain the fix for CVE-2014-9653. Upstream fix is commit 445c8fb (FILE5_21-10-g445c8fb) which is included in 5.22.Attachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>, 778338-done@bugs.debian.org
- Cc: Niels Thykier <niels@thykier.net>
- Subject: Re: Bug#778338: unblock: file/1:5.22+15-1
- From: Ivo De Decker <ivodd@debian.org>
- Date: Mon, 9 Mar 2015 14:13:00 +0100
- Message-id: <20150309131259.GB7464@ugent.be>
- In-reply-to: <[🔎] 1425884038@msgid.manchmal.in-ulm.de>
- References: <1423847230@msgid.manchmal.in-ulm.de> <54EBA96B.3060002@thykier.net> <[🔎] 1425884038@msgid.manchmal.in-ulm.de>
Hi, On Mon, Mar 09, 2015 at 08:30:12AM +0100, Christoph Biedl wrote: > while finally preparing an answer I noticed somebody unblocked the > file package for jessie without further discussion. Whoever pulled the > strings, thanks a lot. And I hope this will not end in regressions or > other annoyances. There was a request by the security team for this. I unblocked it based on that, but didn't notice there was a pending unblock request tagged moreinfo, so I forgot to close it. Doing so now. Cheers, Ivo
--- End Message ---