Bug#873758: stretch-pu: package memcached/1.4.33-1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Tue, 2017-09-12 at 23:04 +0200, Guillaume Delacour wrote:
> 
> Le 12/09/2017 à 22:55, Adam D. Barratt a écrit :
> > On Tue, 2017-09-12 at 22:52 +0200, Guillaume Delacour wrote:
> > > Le 30/08/2017 à 21:58, Adam D. Barratt a écrit :
> > > > Control: tags -1 + confirmed
> > > > 
> > > > On Wed, 2017-08-30 at 21:33 +0200, gui@iroqwa.org wrote:
> > > > > The attached patch fix CVE-2017-9951 which has been not fixed
> > > > > via
> > > > > a DSA,
> > > > > as discussed with Salvatore Bonaccorso: https://bugs.debian.o
> > > > > rg/8
> > > > > 68701.
> > > > 
> > > > +memcached (1.4.33-1+deb9u1) stretch; urgency=high
> > > > +
> > > > +  * Non-maintainer upload by the Security Team.
> > > > 
> > > > So far as I can tell, you're not a member of the Security Team,
> > > > so
> > > > this
> > > > is incorrect.
> > > 
> > > Sure, please find attached the fixed debdiff, as i'm not a member
> > > of
> > > the
> > > security team. I've also changed the distribution from stretch to
> > > stretch-security.
> > 
> > Why? "stretch-security" is an appropriate distribution to use for
> > uploads to the security archive, in which case you should be
> > talking to
> >  the Security Team, not us. Assuming you're still proposing an
> > update
> > via proposed-updates and a point release, "stretch" was correct.
> 
> Indeed, absolutely right. Updated version attached.
> 

Please go ahead.

Regards,

Adam