Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1

To: beuc@debian.org, 900920@bugs.debian.org
Subject: Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 08 Jun 2018 18:55:18 +0100
Message-id: <[🔎] 1528480518.2075.41.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 900920@bugs.debian.org
In-reply-to: <[🔎] 3afde136-3d6b-46cc-22dc-e9aac1d796d9@beuc.net>
References: <[🔎] 3afde136-3d6b-46cc-22dc-e9aac1d796d9@beuc.net> <[🔎] 3afde136-3d6b-46cc-22dc-e9aac1d796d9@beuc.net>

Control: tags -1 + confirmed

On Wed, 2018-06-06 at 19:54 +0200, beuc@debian.org wrote:
> Please consider this update to freedink-dfarc for stretch.
> It fixes a security issue that can overwrite arbitrary user files.
> Sending to stable following security team's directions from 2018-06-
> 01.

+freedink-dfarc (3.12-1+deb9u1) stable; urgency=high

Please use "stretch" as the distribution.

+  * Fix directory traversal in D-Mod extractor (CVE-2018-0496)
+  * Upload to 'stable' as security team rejected a DSA to
+    'stretch-security' (no justification)

The changelog is not the place for such commentary - please remove it.

With the above changes made, and assuming that the resulting package
has been tested on stretch, please feel free to upload.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1
  - From: Sylvain <beuc@beuc.net>

References:
- Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1
  - From: beuc@debian.org

Prev by Date: Re: Scheduling 9.5
Next by Date: Processed: Re: Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1
Previous by thread: Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1
Next by thread: Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1
Index(es):
- Date
- Thread