retitle 781141 unblock: dulwich/0.9.7-2 user release.debian.org@packages.debian.org usertags 781141 = unblock tags 781141 + moreinfo thanks On 2015-03-25 1:31, Jelmer Vernooij wrote: [...]
User: release.debian.org@packages.debian.org Usertags: pu
Updates via t-p-u are unblocks; "pu" is intended for stable updates. I realise that this apparently isn't clear from the reportbug wording.
Hello,I'd like to upload a new version of dulwich to testing-proposed-updates.unstable already has a new upstream version (0.9.8) from an upload in November, and has diverged from testing. This upload would fix two serious security bugs:#780958 CVE-2015-0838: buffer overflow in C implementation of pack apply_delta()#780989 CVE-2014-9706: does not prevent to write files in commits with invalid paths to working tree
+dulwich (0.9.7-3) unstable; urgency=medium s/unstable/jessie/ :)The patches look okay, but according to the BTS metadata both bugs affect the package in unstable and are not yet fixed there. If that's correct, please fix unstable and then get back to us; if it's not, please fix the metadata to indicate where the bugs are fixed.
Regards, Adam