Dominic Hargreaves
2008-Jun-20 22:05 UTC
[Secure-testing-team] Movable Type security issue in testing
Hello, Movable Type 4.1 has been updated to fix a security issue[1]. The version of Movable Type in unstable already fixes this, but since the security issues wasn''t known about at upload time, was uploaded at low urgency. What''s the best way to get this fix into testing? Re-upload with no source changes and urgency=high, or is there a way to override the urgency on an already uploaded package (or should I prepare a package of 4.11 for testing-security?) Thanks, Dominic. [1] http://www.movabletype.org/2008/06/movable_type_security_update_f.html -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Nico Golde
2008-Jun-21 02:00 UTC
[Secure-testing-team] please bump movabletype-opensource (was: Movable Type security issue in testing)
Hi Dominic, * Dominic Hargreaves <dom at earth.li> [2008-06-21 03:38]:> Movable Type 4.1 has been updated to fix a security issue[1]. The version > of Movable Type in unstable already fixes this, but since the security > issues wasn''t known about at upload time, was uploaded at low urgency. > > What''s the best way to get this fix into testing? Re-upload with no > source changes and urgency=high, or is there a way to override the > urgency on an already uploaded package (or should I prepare a package of > 4.11 for testing-security?)Yes the release team can bump the urgency afterwards in such cases. Release team, can you insert an: age-days 5 movabletype-opensource? Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080621/de084012/attachment.pgp
Neil McGovern
2008-Jun-21 08:19 UTC
[Secure-testing-team] please bump movabletype-opensource (was: Movable Type security issue in testing)
On Sat, Jun 21, 2008 at 04:00:31AM +0200, Nico Golde wrote:> Hi Dominic, > * Dominic Hargreaves <dom at earth.li> [2008-06-21 03:38]: > > Movable Type 4.1 has been updated to fix a security issue[1]. The version > > of Movable Type in unstable already fixes this, but since the security > > issues wasn''t known about at upload time, was uploaded at low urgency. > > > > What''s the best way to get this fix into testing? Re-upload with no > > source changes and urgency=high, or is there a way to override the > > urgency on an already uploaded package (or should I prepare a package of > > 4.11 for testing-security?) > > Yes the release team can bump the urgency afterwards in such > cases. > Release team, can you insert an: > age-days 5 movabletype-opensource? >Done, Neil -- <jmtd> irssiproxy appears to be crack cut with washing up powder -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080621/6751412b/attachment.pgp