[Pkg-varnish-devel] Bug#728989: Bug#728989: Bug#728989: varnish: CVE-2013-4484
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 9 05:33:31 UTC 2013
Hi Stig,
On Mon, Dec 09, 2013 at 01:22:49AM +0100, Stig Sandbeck Mathisen wrote:
> Salvatore Bonaccorso <carnil at debian.org> writes:
>
> > Thanks for fixing this with the 3.0.5-1 upload. Could you please also
> > prepare packages for squeeze-security and wheezy-security? I did
> > already had a look at wheezy today, attached is proposed debdiff (but
> > not yet tested apart the testsuite).
>
> I've prepared:
>
> * varnish_2.1.3-8+deb6u1 for squeeze-security
>
> * varnish_3.0.2-2+deb7u1 for wheezy-security
Thanks! Could you please upload them to security-master (needs to be
built with -sa as it's the first upload for varnish for both
squeeze-security and wheezy-security).
Btw, I would have prefered for review if the patch could be applied
separately via debian/patches/series (I think also Stable Release
Managers would prefer that way when it will hit pu-NEW ;-)).
The debdiff for squeeze-security does not apply cleanly here on top of
2.1.3-8, due to same changes removed as added; but the diff part for
#728989 for debian-changes-2.1.3-8+deb6u1 looks good.
Thanks for your work on this.
Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-varnish-devel/attachments/20131209/64ba5e9b/attachment-0001.sig>
More information about the Pkg-varnish-devel
mailing list