Bug#832517: jessie-pu: package yaws/1.98-4+deb8u1

To: Sergei Golovan <sgolovan@nes.ru>, 832517@bugs.debian.org
Subject: Bug#832517: jessie-pu: package yaws/1.98-4+deb8u1
From: Julien Cristau <jcristau@debian.org>
Date: Fri, 29 Jul 2016 13:35:36 +0200
Message-id: <[🔎] 20160729113536.GW3361@betterave.cristau.org>
Reply-to: Julien Cristau <jcristau@debian.org>, 832517@bugs.debian.org
In-reply-to: <[🔎] 20160726111441.25331.71066.reportbug@jupiter.golovan.home>
References: <[🔎] 20160726111441.25331.71066.reportbug@jupiter.golovan.home>

Control: tag -1 confirmed

On Tue, Jul 26, 2016 at 14:14:41 +0300, Sergei Golovan wrote:

> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Hi release team!
> 
> I'd like to upload stable update for the YAWS web server which would
> fix #832433 (see [1] for details). It's a vulnerability found in quite
> a few products, YAWS passes the HTTP_PROXY environment variable to its
> CGI scripts and takes the value for it from the Proxy: HTTP header
> (see [2]).
> 
> The patch for this bug is taken from upstream. The diff is attached.
> 
> diff -Nru yaws-1.98/debian/changelog yaws-1.98/debian/changelog
> --- yaws-1.98/debian/changelog	2014-08-18 08:49:39.000000000 +0400
> +++ yaws-1.98/debian/changelog	2016-07-26 07:48:48.000000000 +0300
> @@ -1,3 +1,10 @@
> +yaws (1.98-4+deb8u1) stable; urgency=low

We usually prefer "jessie" as distribution in changelog.  Either way,
feel free to upload.

Cheers,
Julien

Reply to:

References:
- Bug#832517: jessie-pu: package yaws/1.98-4+deb8u1
  - From: Sergei Golovan <sgolovan@nes.ru>

Prev by Date: Processed: Re: Bug#825534: jessie-pu: package backuppc/3.3.0-2
Next by Date: Processed: Re: Bug#832517: jessie-pu: package yaws/1.98-4+deb8u1
Previous by thread: Bug#832517: jessie-pu: package yaws/1.98-4+deb8u1
Next by thread: Processed: Re: Bug#832517: jessie-pu: package yaws/1.98-4+deb8u1
Index(es):
- Date
- Thread