Hi, Anton Gladky <gladk@debian.org> (2017-06-19): > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian.org@packages.debian.org > Usertags: pu > > Dear release team, > > the following gnuplot version fixes the CVE-2017-9670. Please let me > know, whether it can be upoaded to proposed-updates. Looking at the security tracker, it looks like this was decided this was going to be a no-dsa fix, but feel free to mention this upfront in your next pu requests. :) Anyway, looking at the diff: the version number isn't appropriate, as stretch has 5.0.5+dfsg1-6, you should be uploading 5.0.5+dfsg1-6+deb9u1. Alternatively, if you were going to backport 5.0.5+dfsg1-7 from testing, you could use 5.0.5+dfsg1-7~deb9u1, but then this should be on top of the 5.0.5+dfsg1-7 changelog entry. Either way, please provide an updated debdiff with a proper version (for a simple patch like this, I think the first solution would have a slight preference on my side → 5.0.5+dfsg1-6+deb9u1). Thanks already. KiBi.
Attachment:
signature.asc
Description: Digital signature