
Bug#776458: unblock: dolibarr/3.5.5+dfsg1-1



Control: tags -1 moreinfo

Hi,

On Wed, Jan 28, 2015 at 09:50:30AM +0100, Raphael Hertzog wrote:
> Please unblock package dolibarr

> Version 3.5.5+dfsg1-1 fixes a security issue: CVE-2014-7137 (Closes: #770313)

This bug was filed by the security team as 'grave', but downgraded by the
maintainer to 'important' without explanation. If the issue is actually grave,
the severity should be increased again.

> That version contains changes unrelated to the above security fix but
> all the changes are only bugfixes. This version has been in sid since
> early December and no new problems have been reported.

The diff is very large, and it probably contains lots of changes that are not
appropriate at this point of the freeze. If you think this is not the case,
please explain why.

> I believe it's safe to unblock it.

A targeted fix for this issue is probably better.

Cheers,

Ivo

