
Processed: Re: Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2


Debian Bug Tracking System

Jan 15, 2024, 1:20:04 PM
Processing control commands:

> tags -1 + moreinfo
Bug #1060774 [release.debian.org] bullseye-pu: netatalk/3.1.12~ds-8+deb11u2
Added tag(s) moreinfo.

--
1060774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Adam D. Barratt

Jan 15, 2024, 1:20:04 PM
Control: tags -1 + moreinfo

On Sun, 2024-01-14 at 06:23 +0000, Daniel Markstedt wrote:
> CVE-2022-22995
> Ref. advisory: https://netatalk.sourceforge.io/CVE-2022-22995.php
>
> The attached patch can be applied to Debian oldstable to address the
> vulnerability.
>

In order to approve an upload, we need to see a full source debdiff of
the proposed new package, not just the isolated patch. Please remove
the moreinfo tag when providing that.

> I'm proposing an oldstable out-of-release-cycle upload: 3.1.12~ds-
> 8+deb11u2

I'm not entirely sure what you mean by an "out-of-release-cycle upload"
here.

Regards,

Adam

Daniel Markstedt

Jan 16, 2024, 3:40:04 AM

On Tuesday, January 16, 2024 at 02:53, Adam D. Barratt <ad...@adam-barratt.org.uk> wrote:
> Control: tags -1 + moreinfo
>
> On Sun, 2024-01-14 at 06:23 +0000, Daniel Markstedt wrote:
> > CVE-2022-22995
> > Ref. advisory: https://netatalk.sourceforge.io/CVE-2022-22995.php
> >
> > The attached patch can be applied to Debian oldstable to address the
> > vulnerability.
> >
>
> In order to approve an upload, we need to see a full source debdiff of
> the proposed new package, not just the isolated patch. Please remove
> the moreinfo tag when providing that.

Adam, thanks for following up on this request.
I will work on a debdiff when I’m back home this coming weekend.
Right now I’m working offsite without access to a personal computer.

> > I'm proposing an oldstable out-of-release-cycle upload: 3.1.12~ds-
> > 8+deb11u2
>
> I'm not entirely sure what you mean by an "out-of-release-cycle upload"
> here.
>
> Regards,
>
> Adam

Please disregard the above; I got confused with the Ubuntu process. 

Sincerely,
Daniel

Jonathan Wiltshire

Feb 6, 2024, 1:10:05 PM
Hi,

On Tue, Jan 16, 2024 at 08:30:52AM +0000, Daniel Markstedt wrote:
> On Tuesday, January 16, 2024 at 02:53, Adam D. Barratt <ad...@adam-barratt.org.uk> wrote:
>
> > Control: tags -1 + moreinfo
> >
> > On Sun, 2024-01-14 at 06:23 +0000, Daniel Markstedt wrote:
> >> CVE-2022-22995
> >> Ref. advisory: https://netatalk.sourceforge.io/CVE-2022-22995.php
> >>
> >> The attached patch can be applied to Debian oldstable to address the
> >> vulnerability.
> >>
> >
> > In order to approve an upload, we need to see a full source debdiff of
> > the proposed new package, not just the isolated patch. Please remove
> > the moreinfo tag when providing that.
>
> Adam, thanks for following up on this request.
> I will work on a debdiff when I’m back home this coming weekend.
> Right now I’m working offsite without access to a personal computer.

Ping? It's now too late for 11.9 but your request can be considered for
11.10 if you send a debdiff.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Debian Bug Tracking System

Feb 10, 2024, 7:40:05 PM
Processing control commands:

> tags -1 - moreinfo
Bug #1060774 [release.debian.org] bullseye-pu: netatalk/3.1.12~ds-8+deb11u2
Removed tag(s) moreinfo.

Jonathan Wiltshire

Feb 21, 2024, 3:10:03 AM
Control: tag -1 confirmed

On Sun, Feb 11, 2024 at 12:29:09AM +0000, Daniel Markstedt wrote:
> Please find a debdiff attached here. Is this adequate for doing the security release?
>
> Thank you!
>
> Daniel

> diff -Nru netatalk-3.1.12~ds/debian/changelog netatalk-3.1.12~ds/debian/changelog
> --- netatalk-3.1.12~ds/debian/changelog 2023-09-20 05:19:20.000000000 +0000
> +++ netatalk-3.1.12~ds/debian/changelog 2024-02-10 23:49:31.000000000 +0000
> @@ -1,3 +1,10 @@
> +netatalk (3.1.12~ds-8+deb11u2) bullseye-security; urgency=high
> +
> + * Fix CVE-2022-22995. Harden create_appledesktop_folder.
> + closes: bug#1060773
> +
> + -- Daniel Markstedt <dan...@mindani.net> Sat, 10 Feb 2024 23:49:31 +0000
> +
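
Review bot: The distribution field on the first added line is `bullseye-security`, but this bug is a `bullseye-pu` request to release.debian.org, so the entry should target `bullseye`; a `-security` target is for uploads handled through the security team. The bullet also names only the hardened function, create_appledesktop_folder; naming the patch file that carries the fix would make the entry easier to check against the rest of the debdiff.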

You should be targeting `bullseye` in the most recent changelog; with that
fixed, please go ahead.

Debian Bug Tracking System

Feb 21, 2024, 3:10:04 AM
Processing control commands:

> tag -1 confirmed
Bug #1060774 [release.debian.org] bullseye-pu: netatalk/3.1.12~ds-8+deb11u2
Added tag(s) confirmed.