
Bug#925595: unblock: flatpak/1.2.4-1 (pre-approval) or 1.2.3-2 (unblock)



Control: tags -1 confirmed moreinfo

Simon McVittie:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> I would like to follow the 1.2.x stable-branch of flatpak in buster for
> as long as it's maintained upstream, similar to what I did with 0.8.x
> in stretch. Are the release team happy with this in principle?
> 
> In the short term, this means uploading flatpak 1.2.4 to unstable. It
> fixes CVE-2019-10063 (incomplete defence against command injection with
> TIOCSTI) and some non-security bugs. I attach a proposed diff: may I
> upload this if my tests are successful?
> 
> If 1.2.4 is not acceptable, please unblock 1.2.3-2 instead, to fix
> CVE-2019-10063 but not the non-security bugs (I already uploaded that
> version). I've attached the debdiff for that too.
> 
> See also #925569, the corresponding stable-update.
> 
> Thanks,
>     smcv
> 

Hi,

Please go with 1.2.4 and remove the moreinfo tag when it is ready to be
unblocked.

Thanks,
~Niels

