Your message dated Thu, 6 Jun 2019 21:04:45 +0200 with message-id <75791b7f-f7e2-ea0a-bb95-d87f74cdd450@debian.org> and subject line Re: unblock: suricata/4.1.4-1 has caused the Debian Bug report #928294, regarding unblock: suricata/4.1.4-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 928294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928294 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: suricata/4.1.4-1
- From: Pierre Chifflier <pollux@debian.org>
- Date: Wed, 1 May 2019 14:24:06 +0200
- Message-id: <20190501122405.GA3@maredsous.wzdftpd.net>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Although it is an upstream release, please unblock suricata 4.1.4-1 for buster. Suricata is an Intrusion Detection System (IDS), which makes it exposed to malicious traffic by design. The upstream release 4.1.4 fixes several bugs and security issues (no CVE numbers). The debdiff since 4.1.3 is too big to be included here (it contains updates to many auto-generated files like configure), so I'm adding the upstream changelog here: Changes Bug #2870: pcap logging with lz4 coverity warning Bug #2883: ssh: heap buffer overflow Bug #2884: mpls: heapbuffer overflow in file decode-mpls.c Bug #2887: decode-ethernet: heapbuffer overflow in file decode-ethernet.c Bug #2888: 4.1.3 core in HCBDCreateSpace Bug #2894: smb 1 create andx request does not parse the filename correctly Bug #2902: rust/dhcp: panic in dhcp parser Bug #2903: mpls: cast of misaligned data leads to undefined behavior Bug #2904: rust/ftp: panic in ftp parser Bug #2943: rust/nfs: integer underflow This release includes Suricata-Update 1.0.5 I hope the new version can be included. Best regards, Pierre
--- End Message ---
--- Begin Message ---
- To: 928294-done@bugs.debian.org, Pierre Chifflier <pollux@debian.org>
- Subject: Re: unblock: suricata/4.1.4-1
- From: Paul Gevers <elbrus@debian.org>
- Date: Thu, 6 Jun 2019 21:04:45 +0200
- Message-id: <75791b7f-f7e2-ea0a-bb95-d87f74cdd450@debian.org>
- In-reply-to: <9546ec03-0659-b268-5ef1-7e7e0242e82c@debian.org>
- References: <20190501122405.GA3@maredsous.wzdftpd.net> <20190501122405.GA3@maredsous.wzdftpd.net> <9546ec03-0659-b268-5ef1-7e7e0242e82c@debian.org>
Hi Pierre, On 11-05-2019 17:08, Paul Gevers wrote: > Can you please investigate how severe these issues are that are being > fixed. The current delta with buster is big and not in line with the > freeze policy as I can't say that this is a targeted fix. Are all these > issues important or serious? > > Can you also please give us a risk assessment for the unblock? If buster > were already released, would you have requested the same update? We are getting close to the release. Keeping this bug open without a response isn't helping the release process. Please open a new request if there is a targeted fix that should land in buster. If you still want to follow-up, you can reopen this bug. PaulAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---