Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494

To: Thomas Goirand <zigo@debian.org>, 889940@bugs.debian.org
Subject: Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 23 Feb 2018 17:35:17 +0000
Message-id: <[🔎] 1519407317.20519.22.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 889940@bugs.debian.org
In-reply-to: <[🔎] 151813171224.19229.16007532799426192901.reportbug@buzig2.mirantis.com>
References: <[🔎] 151813171224.19229.16007532799426192901.reportbug@buzig2.mirantis.com> <[🔎] 151813171224.19229.16007532799426192901.reportbug@buzig2.mirantis.com>

Control: tags -1 + confirmed

On Fri, 2018-02-09 at 00:15 +0100, Thomas Goirand wrote:
> I'd like to push for an update of miniupnpd in Stretch, in order to
> fix
> CVE-2017-1000494. The security team decided to go without a DSA.
> 
> Attached is the debdiff for the fix.

Please go ahead.

> Also, please let me know if my .changes must include the
> .orig.tar.gz,
> if it must, I'll rebuild with --force-orig-source. I'm sorry for I
> never remember when it should or not... :(
> 

No. It's required for the first upload of that .orig to a particular
archive (i.e. ftp-master or security), but not for subsequent uploads
to that archive.

Regards,

Adam

Reply to:

References:
- Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Processed: Re: Bug#891221: stretch's lxc fails to create sid container: iproute not found
Next by Date: Processed: Re: Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494
Previous by thread: Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494
Next by thread: Processed: Re: Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494
Index(es):
- Date
- Thread