[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494



Control: tags -1 + confirmed

On Fri, 2018-02-09 at 00:15 +0100, Thomas Goirand wrote:
> I'd like to push for an update of miniupnpd in Stretch, in order to
> fix
> CVE-2017-1000494. The security team decided to go without a DSA.
> 
> Attached is the debdiff for the fix.

Please go ahead.

> Also, please let me know if my .changes must include the
> .orig.tar.gz,
> if it must, I'll rebuild with --force-orig-source. I'm sorry for I
> never remember when it should or not... :(
> 

No. It's required for the first upload of that .orig to a particular
archive (i.e. ftp-master or security), but not for subsequent uploads
to that archive.

Regards,

Adam


Reply to: