Bug#872441: stretch-pu: package gsoap/2.8.35-4+deb9u1
Hi,
On Fri Aug 18, 2017 at 09:01:04 +0200, Mattias Ellert wrote:
> On Thu 2017-08-17 at 21:59 +0100, Adam D. Barratt wrote:
> > On Thu, 2017-08-17 at 20:22 +0200, Martin Zobel-Helas wrote:
> > > Hi,
> > >
> > > On Thu Aug 17, 2017 at 16:38:36 +0200, Mattias Ellert wrote:
> >
> > [...]
> > > > +gsoap (2.8.35-4+deb9u1) stretch; urgency=medium
> > > > +
> > > > + * Fix for CVE-2017-9765 (Closes: xxxx)
> > > > +
> > > > + -- Mattias Ellert <mattias.ellert@physics.uu.se> Wed, 16 Aug 2017 11:58:11 +0200
> > > > +
> > > > gsoap (2.8.35-4) unstable; urgency=medium
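Review bot: `Closes: xxxx` on the CVE-2017-9765 line is still a placeholder rather than a bug number, so as written the entry closes nothing; replace `xxxx` with the real bug number before uploading. The entry also gives only the CVE identifier, so a short phrase saying what was changed would let the changelog stand on its own.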
> > >
> > > once this changelog has a proper Closes line with bug-number this patch
> > > looks sane to me.
> >
> > Is there actually a Debian bug for the issue? I couldn't find one.
> >
> > Regards,
> >
> > Adam
> >
>
> Hi!
>
> I don't understand the last comment here.
> Of course there is a bug - it is this one.
>
> The reason the debdiff in the request says "Closes: xxxx", is a
> chicken-and-egg problem. You are supposed to attach the debdiff to the
> request, but before you make the request its BTS number does not yet
> exist - so you can't include it in the attachment at creation time.
> After I got the confirmation back with the number I updated the
> changelog with the bug number.
No, this is the bug report for the p-u upload. What the release team is
looking for is a (RC) bug assigned to the package, that describes the
real issue, linking the CVEs, ...
Cheers,
Martin
--
Martin Zobel-Helas <zobel@debian.org> Debian System Administrator
Debian & GNU/Linux Developer Debian Listmaster
http://about.me/zobel Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B