>> Hi, there!
>>
>> I am not subscribed this list (@debian-security), so please CC me.
>>
>> I prepared package with patch which resolves CVE-2008-4776 and want to
>> upload it. It is the first package which i want to upload into stable
>> and I want somebody to check (and help to upload) it. debdiff can be
>> found in attache. It contains one additional patch which was
>> backported from 4.22.8 (from git) and it is built fine with pbuilder.
>>
>> PS: debdiff between centerim 4.22.5-1 (lenny) and 4.22.5-1+lenny1
GI> The distribution field in the changelog should be stable-proposed-updates,
GI> and not stable-security.
GI> Patch looks fine, but you need to contact[1] the stable release team
GI> before you upload.
GI> [1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
I think no. This is security bug, so it (as far as I understand) must
me prepared by the rules:
http://www.debian.org/doc/developers-reference/pkgs.html#bug-security
http://www.debian.org/doc/developers-reference/pkgs.html#bug-security-building
quote:
Target the right distribution in your debian/changelog.
For stable this is stable-security and for testing this
is testing-security, and for the previous stable
release, this is oldstable-security. Do not target
distribution-proposed-updates or stable!
But I haven't done stable (security) uploads yet, and I wrote this
mail to debian-security@ to get advice.
--
... mpd is off
. ''`. Dmitry E. Oboukhov
: :’ : email: unera@debian.org jabber://UNera@uvw.ru
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Attachment:
signature.asc
Description: Digital signature