Hello, On Thu, Jul 05 2018, Adam D. Barratt wrote: > Control: tags -1 + confirmed > Control: severity -1 normal > > On Thu, 2018-07-05 at 13:59 +0100, Sean Whitton wrote: >> Package: release.debian.org >> Severity: important > > p-u bugs (in fact, basically all release.d.o bugs) are "normal" at > most. There's no impact on the usability of the pseudo-package. Good point. Sorry about that. >> git-annex in stretch is vulnerable to CVE-2018-10857 and >> CVE-2018-10859. This update is a minimal fix for those CVEs prepared >> by its upstream, Joey Hess: > > Please go ahead. Now done. Thank you for your review. > The reason that the -security upload isn't already in proposed-updates > is that it used a different .orig tarball from that uploaded to the > main archive, causing the sync to fail. Ah. So that's why I'd been seeing all those checksum errors while generating debdiffs. I had assumed connectivity issues. -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature