Bug#1037079: unblock: configobj/5.0.8-2

Stefano Rivera

Jun 3, 2023, 4:40:05 PM
Package: release.debian.org
Severity: normal
User: release.d...@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: conf...@packages.debian.org
Control: affects -1 + src:configobj

Please unblock package configobj

[ Reason ]
Resolves a (minor) security issue. The patch only became available
recently.

It resolves a ReDoS attack (regular expression denial of service)
potentially caused by parsing untrusted configuration files.

[ Impact ]
Ship with an outstanding (very minor) security issue.

[ Tests ]
The patch includes a regression test.

The package test suite passes.

[ Risks ]
Trivial change to a regex, which looks reasonable.

The upstream hasn't reviewed it, yet.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

unblock configobj/5.0.8-2
configobj_5.0.8-2.debdiff

Sebastian Ramacher

Jun 4, 2023, 4:00:04 PM
retitle 1037079 bookworm-pu: configobj/5.0.8-2
tags 1037079 bookworm moreinfo
user release.d...@packages.debian.org
usertags 1037079 + pu - unblock
thanks

Hi Stefano

On 2023-06-03 16:28:41 -0400, Stefano Rivera wrote:
> Package: release.debian.org
> Severity: normal
> User: release.d...@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: conf...@packages.debian.org
> Control: affects -1 + src:configobj
>
> Please unblock package configobj

We have entered the quiet period of bookworm [1]. Please consider
fixing this issue via bookworm-pu. As this update fixes a security
issue, please also check with the Security Team in case this update is
worthy of a DSA.

Cheers

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg00000.html
--
Sebastian Ramacher

Salvatore Bonaccorso

Jun 5, 2023, 1:50:04 AM
Hi,

On Sun, Jun 04, 2023 at 09:50:23PM +0200, Sebastian Ramacher wrote:
> retitle 1037079 bookworm-pu: configobj/5.0.8-2
> tags 1037079 bookworm moreinfo
> user release.d...@packages.debian.org
> usertags 1037079 + pu - unblock
> thanks
>
> Hi Stefano
>
> On 2023-06-03 16:28:41 -0400, Stefano Rivera wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.d...@packages.debian.org
> > Usertags: unblock
> > X-Debbugs-Cc: conf...@packages.debian.org
> > Control: affects -1 + src:configobj
> >
> > Please unblock package configobj
>
> We have entered the quiet period of bookworm [1]. Please consider
> fixing this issue via bookworm-pu. As this update fixes a security
> issue, please also check with the Security Team in case this update is
> worthy of a DSA.

As it does not warrant a DSA, the first bookworm point release is fine
for it.

Regards,
Salvatore