[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#819658: jessie-pu: package hexchat/2.10.1-1

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I have prepared a patch for hexchat_2.10.1-1 in jessie for this issue,
https://security-tracker.debian.org/tracker/TEMP-0776609-026A07

It is also referenced in debian bug # 818009.

I am the hexchat maintainer and this patch comes from upstream, via
the following 2 commits:

https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604
https://github.com/hexchat/hexchat/commit/b6fa8574cb8e57db311fff2ada7ede3548617dd3

(The first commit depends on the changes made in the second.)

I built the updated package in a jessie pbuilder and tested it in a
jessie vm. I can verify that:
- hexchat now verifies hostnames when ssl is in use
- hexchat appears to behave normally otherwise

I spoke with the debian security team and they advised me that they would
not issue a DSA for this, and that I should submit it to jessie-proposed-updates 
instead.

Please let me know if you require anything else.

Thanks

sney


-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: