[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#855312: unblock: dbus/1.10.16-1

Control: tags -1 confirmed

Simon McVittie:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package dbus. This new upstream release fixes a couple
> of symlink attacks in rare code paths, which could be argued to be
> security vulnerabilities by someone sufficiently pedantic (I'm going
> to raise this with the security team, but I suspect they will not
> consider it worth doing a stable update).
> 
> I would like to track the dbus-1.10 branch in stretch-as-stable,
> as I have for dbus-1.8 in jessie. I am an upstream dbus maintainer,
> and I plan to continue to produce minimal upstream stable releases.
> 
> I plan to release dbus 1.12.0 at some point in the near future (during
> or soon after the stretch freeze), at which point 1.10.x will go from
> "bug fixes only" to "security fixes only".
> 
> unblock dbus/1.10.16-1
> 
> Thanks,
>     S
> 
> [...]

Looks good to me, but needs an ACK from KiBi due to its udebs.

Thanks,
~Niels
Reply to: