Bug#934206: buster-pu: package golang-github-docker-docker-credential-helpers/0.6.1-2+deb10u1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + moreinfo

On 2019-08-08 08:47, Arnaud Rebillout wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> The debdiff attached brings in an upstream patch to fix
> CVE-2019-1020014, hence closes #933801.
>
> This is my first contribution to Debian Stable, please check for
> beginners mistake ;)
>
> Also, the devel-announce "Bits from the Stable Release Managers"
> mentions:
>
>    * Fixes for security issues should be co-ordinated with the
>      Security Team, unless they have explicitly stated that they
>      will not issue an DSA for the bug (e.g. via a "no-dsa" marker
>      in the Security Tracker) [SECURITY-TRACKER]
>
> So, is there anything else I should do here? Like, CC them or 
> something?

Yes, *before* filing this bug, as if the Security Team want to handle it 
then this bug shouldn't exist to begin with.

I've CCed them now, let's see what they say.

Regards,

Adam