On 2016-02-23 12:29, Laurent Destailleur (aka Eldy) wrote:
To fix opened securities hole into dolibarr stable package, i prepared the following 3 patch. This patch is now already included into unstable. It fixes the following CVE: * Fix CVE-2016-1912 (Closes: #812496) * Fix CVE-2015-8685 (Closes: #812449) * Fix CVE-2015-3935 (Closes: #787762) This is the debdiff. Can my mentor (Raphael Hertzog) push the new package with this patch into stable ?
Are you asking about stable or stable-security? Your changelog doesn't say either but you appear to have CCed the Security Team whilst following up to a release.debian.org bug.
Regards, Adam