Control: tags -1 + moreinfo On 2015-11-11 16:39, Sebastian Lohff wrote:
there has been a directory traversal bug in servefile, it was fixed in version 0.4.4. I talked to the Debian security team and they said a DSA would not be necessary and recommended doing a stable-pu. Therefore I'd like to propose an update to 0.4.4 (debdiff attached).
+servefile (0.4.4-1~deb8u1) jessie; urgency=high + + * New upstream versionThat's not really a suitable changelog for an upload to unstable, particularly one that fixes security issues. It's certainly not suitable for a stable update.
The point of a changelog entry is to explain the purpose of the upload. In this case it is to fix a security problem and some other (specific, and enumerated in upstream's changelog) issues, not simply because a new upstream release is available. Please make the changelog indicate what has actually changed - see https://www.debian.org/doc/manuals/developers-reference/ch06.en.html#bpp-changelog-do , for example.
Regards, Adam