Hi Laurent, On Tue, Feb 23, 2016 at 12:48:16PM +0000, Adam D. Barratt wrote: > On 2016-02-23 12:29, Laurent Destailleur (aka Eldy) wrote: > >To fix opened securities hole into dolibarr stable package, i prepared > >the following 3 patch. This patch is now already included into > >unstable. > >It fixes the following CVE: > > > >* Fix CVE-2016-1912 (Closes: #812496) > >* Fix CVE-2015-8685 (Closes: #812449) > >* Fix CVE-2015-3935 (Closes: #787762) > > > >This is the debdiff. Can my mentor (Raphael Hertzog) push the new > >package with this patch into stable ? > > Are you asking about stable or stable-security? Your changelog doesn't say > either but you appear to have CCed the Security Team whilst following up to > a release.debian.org bug. We do not plan to release a DSA for these dolibarr issues but it still would be good to have those fixed in Jessie. Those proposing an update via a upcoming Jessie point release would be great. Regards, Salvatore
Attachment:
signature.asc
Description: Digital signature