Am 30.12.2019 um 22:21 teilte Adam D. Barratt mit: > On Tue, 2019-12-10 at 23:51 +0100, Hilmar Preusse wrote: Hi Adam, >> #946345 proftpd-dfsg: CVE-2019-19269 >> >> ...for Debian stretch. I built/installed the package an Debian >> oldstable and could login into the server and transfer file. > > +proftpd-dfsg (1.3.5b-4+deb9u3) stretch-security; urgency=medium > > The distribution for a stretch-pu upload should simply be "stretch". > Thanks, will fix that. > + * Cherry pick patch from upstream: > + - for upstream 861 (CVE-2019-19269) (Closes: #946345) > + upstream_pull_861_CVE-2019-19269 > > I'm not sure whether that final line was intended to be included. > Yes, this is the name of the patch, which has been added. > Please go ahead. > Not sure, what you want to tell me. Should I simply upload the package w/ the corrections above? Will it be accepted, even if I'm not a DD (I have upload permits for that package as DM)? Hilmar -- sigfault #206401 http://counter.li.org
Attachment:
signature.asc
Description: OpenPGP digital signature