>> Hi, there! >> >> I am not subscribed this list (@debian-security), so please CC me. >> >> I prepared package with patch which resolves CVE-2008-4776 and want to >> upload it. It is the first package which i want to upload into stable >> and I want somebody to check (and help to upload) it. debdiff can be >> found in attache. It contains one additional patch which was >> backported from 4.22.8 (from git) and it is built fine with pbuilder. >> >> PS: debdiff between centerim 4.22.5-1 (lenny) and 4.22.5-1+lenny1 GI> The distribution field in the changelog should be stable-proposed-updates, GI> and not stable-security. GI> Patch looks fine, but you need to contact[1] the stable release team GI> before you upload. GI> [1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable I think no. This is security bug, so it (as far as I understand) must me prepared by the rules: http://www.debian.org/doc/developers-reference/pkgs.html#bug-security http://www.debian.org/doc/developers-reference/pkgs.html#bug-security-building quote: Target the right distribution in your debian/changelog. For stable this is stable-security and for testing this is testing-security, and for the previous stable release, this is oldstable-security. Do not target distribution-proposed-updates or stable! But I haven't done stable (security) uploads yet, and I wrote this mail to debian-security@ to get advice. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : email: unera@debian.org jabber://UNera@uvw.ru `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Attachment:
signature.asc
Description: Digital signature