Bug#837428: Re: jessie-pu: package libphp-adodb/5.15-1

To: Jean-Michel Vourgère "(debian)" <nirgal@debian.org>
Cc: 837428@bugs.debian.org
Subject: Bug#837428: Re: jessie-pu: package libphp-adodb/5.15-1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 31 Oct 2016 21:48:15 +0000
Message-id: <[🔎] 1477950495.2078.10.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 837428@bugs.debian.org
In-reply-to: <1542561.IuGyUJzdkR@deimos>
References: <1542561.IuGyUJzdkR@deimos>

Control: tags -1 + moreinfo

On Sun, 2016-09-11 at 16:24 +0200, Jean-Michel Vourgère (debian) wrote:
> I'd like to upload a fix for #837418 [1] and #837211 [2].
> 
> Attached is a debdiff against version 5.15-1 that is currently both in wheezy 
> and jessie. It includes the 2 upstream commits fixing these.
> 
> The package is to be compiled in a wheezy environment in order to match the 
> public repository version.

No, an upload to jessie needs to be built in a _jessie_ environment.

+libphp-adodb (5.15-1+deb8u1) jessie; urgency=medium
+
+  * Upload to jessie.
+
+ -- Jean-Michel Vourgère <nirgal@debian.org>  Sun, 11 Sep 2016 16:13:54 +0200
+
+libphp-adodb (5.15-1+deb7u1) wheezy; urgency=medium
+
+  * Cherry pick of upstream patches:
+    - d/patch/pdo-qstr-sql-injection. Closes: #837211
+    - d/patch/cve-2016-4855. Closes: #837418

That's an unusual way of forming the changelog. Why not simply a 5.15-1
+deb8u1 stanza listing the changes, on top of 5.15-1? In fact, given
that the +deb7u1 stanza doesn't match what actually got uploaded to
wheezy-security, please drop it.

Regards,

Adam

Reply to:

Prev by Date: Re: Static libraries - PIC or PIE?
Next by Date: Processed: Bug#837428: Re: jessie-pu: package libphp-adodb/5.15-1
Previous by thread: Bug#842744: transition: kodi
Next by thread: Processed: Bug#837428: Re: jessie-pu: package libphp-adodb/5.15-1
Index(es):
- Date
- Thread