Bug#799019: jessie-pu: package golang/2:1.3.3-1+deb8u1

To: Tianon Gravi <admwiggin@gmail.com>, 799019@bugs.debian.org
Subject: Bug#799019: jessie-pu: package golang/2:1.3.3-1+deb8u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 15 Sep 2015 06:41:27 +0200
Message-id: <[🔎] 20150915044127.GA28995@elende.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 799019@bugs.debian.org
In-reply-to: <[🔎] CAHnKnK23CtVAHwh0pcWFr6ODXdW3pp_+d9UDuKSepmL2Uq_u7A@mail.gmail.com>
References: <[🔎] CAHnKnK23CtVAHwh0pcWFr6ODXdW3pp_+d9UDuKSepmL2Uq_u7A@mail.gmail.com>

Hi Tianon,

On Mon, Sep 14, 2015 at 05:18:30PM -0700, Tianon Gravi wrote:
> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: pu
> Tags: jessie
> Severity: normal
> 
> Hi!
> 
> "src:golang" has recently had a group of non-critical CVEs (#795106);
> I've finally got a fix in unstable now, but the security team
> requested[1] that I also propose an upload to s-p-u also to update
> jessie.
> 
> I've attached the proposed debdiff -- the only functional change is
> the addition of the .patch file containing the three backported
> upstream commits to fix the CVEs.
> 
> [1]: https://bugs.debian.org/795106#45
> 
> Thanks for your consideration!

Remark: not spaeking as Release Team member, just "outsider": could
you as well include the fix for the issue without CVE, see:

https://security-tracker.debian.org/tracker/source-package/golang

(it needs to be addressed as well in unstable before though).

Regards,
Salvatore

Reply to:

References:
- Bug#799019: jessie-pu: package golang/2:1.3.3-1+deb8u1
  - From: Tianon Gravi <admwiggin@gmail.com>

Prev by Date: Bug#798977: nmu: pyside_1.2.2-1
Next by Date: Bug#793621: transition: vtk6
Previous by thread: Bug#799019: jessie-pu: package golang/2:1.3.3-1+deb8u1
Next by thread: Bug#799019: jessie-pu: package golang/2:1.3.3-1+deb8u1
Index(es):
- Date
- Thread