Ian Jackson
2017-May-04 17:19 UTC
[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):> On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a debdiff to team at security.debian.org for a quick review before > uploading (I have no idea whether dgit supports security-master).I'll send you a debdiff, thanks. I guess I'll find out whether dgit does work or not. I need to check the armhf build, since there are conflicts there. I don't think I can conveniently test the armhf version. Ian.
Moritz Muehlenhoff
2017-May-04 17:25 UTC
[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
On Thu, May 04, 2017 at 06:19:07PM +0100, Ian Jackson wrote:> Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > > Should I put jessie-security in the debian/changelog and dgit push it > > > (ie, from many people's pov, dput it) ? > > > > Yes, the distribution line should be jessie-security, but please send > > a debdiff to team at security.debian.org for a quick review before > > uploading (I have no idea whether dgit supports security-master). > > I'll send you a debdiff, thanks. I guess I'll find out whether dgit > does work or not. > > I need to check the armhf build, since there are conflicts there. I > don't think I can conveniently test the armhf version.You mean CVE-2016-9815-CVE-2016-9818? We can simply leave them unfixed/ignored I guess, it's not that there's any arm-based cloud hosting companies running jessie on arm :-) Cheers, Moritz
Ian Jackson
2017-May-04 17:43 UTC
[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):> On Thu, May 04, 2017 at 06:19:07PM +0100, Ian Jackson wrote: > > I need to check the armhf build, since there are conflicts there. I > > don't think I can conveniently test the armhf version. > > You mean CVE-2016-9815-CVE-2016-9818? We can simply leave them > unfixed/ignored I guess, it's not that there's any arm-based cloud > hosting companies running jessie on arm :-)No. I mean XSA-213, which doesn't have a CVE because MITRE :-/. Ian.