tor 2017-08-17 klockan 21:59 +0100 skrev Adam D. Barratt: > On Thu, 2017-08-17 at 20:22 +0200, Martin Zobel-Helas wrote: > > Hi, > > > > On Thu Aug 17, 2017 at 16:38:36 +0200, Mattias Ellert wrote: > > [...] > > > +gsoap (2.8.35-4+deb9u1) stretch; urgency=medium > > > + > > > + * Fix for CVE-2017-9765 (Closes: xxxx) > > > + > > > + -- Mattias Ellert <mattias.ellert@physics.uu.se> Wed, 16 Aug 2017 11:58:11 +0200 > > > + > > > gsoap (2.8.35-4) unstable; urgency=medium > > > > once this changelog has a proper Closes line with bug-number this patch > > looks sane to me. > > Is there actually a Debian bug for the issue? I couldn't find one. > > Regards, > > Adam > Hi! I don't understand the last comment here. Of course there is a bug - it is this one. The reason the debdiff in the request says "Closes: xxxx", is a chicken-and-egg problem. You are supposed to attach the debdiff to the request, but before you make the request its BTS number does not yet exists - so you can't include it in the attachment at creation time. After I got the confirmation back with the number I updated the changelog with the bug number. Mattias
Attachment:
signature.asc
Description: This is a digitally signed message part