Bug#829606: jessie-pu: package duck/0.7+deb8u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 829606@bugs.debian.org
Cc: Simon Kainz <simon@familiekainz.at>
Subject: Bug#829606: jessie-pu: package duck/0.7+deb8u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 5 Jul 2016 08:12:39 +0200
Message-id: <[🔎] 20160705061239.GA2138@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 829606@bugs.debian.org
In-reply-to: <[🔎] 1467698810.3315.1.camel@adam-barratt.org.uk>
References: <[🔎] 20160704162246.9799.65743.reportbug@iscsichecker.tu-graz.ac.at> <[🔎] 1467698810.3315.1.camel@adam-barratt.org.uk>

Hi Adam,

On Tue, Jul 05, 2016 at 08:06:50AM +0200, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Mon, 2016-07-04 at 18:22 +0200, Simon Kainz wrote:
> > Paul Wise found out that duck rund untrusted code from the current directory as
> > well as the ./lib and ./lib/checks directory. The attached patch fixes this
> > issue.
> 
> +duck (0.7+deb8u1) jessie-security; urgency=high
> 
> That contradicts this request to fix the issue via proposed-updates;
> which is the case?

I confirm we wee in contact with Simon and decided to let this fix be
proposed via a jessie point release. So the targetting distribution
just needs to be adjusted (it is marked as well already in the
security-tracker as no-dsa).

The fix in unstable is in the 0.10 version uploaded yesterday.

Regards,
Salvatore

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#829606: jessie-pu: package duck/0.7+deb8u1
  - From: Simon Kainz <simon@familiekainz.at>
- Bug#829606: jessie-pu: package duck/0.7+deb8u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: Re: Bug#829606: jessie-pu: package duck/0.7+deb8u1
Next by Date: Re: Thinking about a "jessie and a half" release
Previous by thread: Bug#829606: jessie-pu: package duck/0.7+deb8u1
Next by thread: Processed: Re: Bug#829606: jessie-pu: package duck/0.7+deb8u1
Index(es):
- Date
- Thread