Your message dated Sun, 15 Mar 2015 13:17:47 +0000 with message-id <1426425467.23926.23.camel@adam-barratt.org.uk> and subject line Re: Bug#780502: unblock: libphp-snoopy/2.0.0-1 has caused the Debian Bug report #780502, regarding unblock: libphp-snoopy/2.0.0-1 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

-- 
780502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780502
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: libphp-snoopy/2.0.0-1
- From: Marcelo Jorge Vieira <metal@debian.org>
- Date: Sat, 14 Mar 2015 22:01:00 -0300
- Message-id: <1426381260.2249.21.camel@debian.org>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

I've uploaded a new upstream version of libphp-snoopy to unstable. This contains fixes for CVE-2008-7313 and CVE-2014-5008.

You will find here [0] the debdiff file and the security team approval.

[0] https://bugs.debian.org/778634

Can you please unblock it?

Cheers,

-- 
Marcelo Jorge Vieira
xmpp:metal@jabber-br.org
http://metaldot.alucinados.com

Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 780502-done@bugs.debian.org
- Cc: Marcelo Jorge Vieira <metal@debian.org>
- Subject: Re: Bug#780502: unblock: libphp-snoopy/2.0.0-1
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sun, 15 Mar 2015 13:17:47 +0000
- Message-id: <1426425467.23926.23.camel@adam-barratt.org.uk>
- In-reply-to: <1426423152.23926.14.camel@adam-barratt.org.uk>
- References: <1426381260.2249.21.camel@debian.org> <1426423152.23926.14.camel@adam-barratt.org.uk>
On Sun, 2015-03-15 at 12:39 +0000, Adam D. Barratt wrote:
> On Sat, 2015-03-14 at 22:01 -0300, Marcelo Jorge Vieira wrote:
> > I've uploaded a new upstream version of libphp-snoopy to unstable. This
> > contains fixes for CVE-2008-7313 and CVE-2014-5008.
>
> + * Switch to dpkg-source 3.0 (quilt) format
>
> Why was that change made? I can see no reason for it in the remainder of
> the debdiff and it's been on the "sufficient for a flat out rejection"
> list on
> https://release.debian.org/jessie/freeze_policy.html#getting-unblocks
> since the freeze started.

After some discussion I'm persuaded that the fact that the package currently has no patches applied against the upstream source (and that this new upload also introduces none) makes enforcing that particular requirement less of an issue.

However, this explicitly does not set a precedent for any future unblocks and I'm still not happy about it given that this has been the case for the entire of the Jessie freeze and for the Wheezy freeze at least (I think also for Squeeze, but can't find the detail right now) so this really should not have been a surprise to you.

I realise that this is a new upstream version containing no other major changes, but the amount of whitespace changes and other re-formatting really do not make the diff easy to read.

A few comments:

+ - remove all dependancies on cUrl, use OpenSSH for SSL connections.

"dependencies". Also OpenSSL, not OpenSSH.

You might also want to suggest to upstream that they fix the license information on http://sourceforge.net/projects/snoopy/ . It claims that snoopy is licensed as GPLv2, which is a) not what the downloaded source claims and b) would be an issue when combined with the OpenSSL use.

Regards,

Adam
--- End Message ---