Here are the files for the update. On Thu, Mar 31, 2016 at 9:28 AM, Jesse Rhodes <drubo@drubo.net> wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian.org@packages.debian.org > Usertags: pu > > Hi, > > I have prepared a patch for hexchat_2.10.1-1 in jessie for this issue, > https://security-tracker.debian.org/tracker/TEMP-0776609-026A07 > > It is also referenced in debian bug # 818009. > > I am the hexchat maintainer and this patch comes from upstream, via > the following 2 commits: > > https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604 > https://github.com/hexchat/hexchat/commit/b6fa8574cb8e57db311fff2ada7ede3548617dd3 > > (The first commit depends on the changes made in the second.) > > I built the updated package in a jessie pbuilder and tested it in a > jessie vm. I can verify that: > - hexchat now verifies hostnames when ssl is in use > - hexchat appears to behave normally otherwise > > I spoke with the debian security team and they advised me that they would > not issue a DSA for this, and that I should submit it to jessie-proposed-updates > instead. > > Please let me know if you require anything else. > > Thanks > > sney > > > -- System Information: > Debian Release: 8.3 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) > Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system)
Attachment:
hexchat_2.10.1-1+deb8u1.debian.tar.xz
Description: Binary data
Attachment:
hexchat_2.10.1-1+deb8u1.dsc
Description: Binary data