Debian Bug report logs - #642579
opu: package openssl/0.9.8g-15+lenny13


Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Raphael Geissert <geissert@debian.org>

Date: Sat, 24 Sep 2011 04:33:01 UTC

Severity: normal

Tags: lenny

Fixed in version 5.0.9

Done: Adam D. Barratt <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#642579; Package release.debian.org. (Sat, 24 Sep 2011 04:33:04 GMT)

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 24 Sep 2011 04:33:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: submit@bugs.debian.org
Subject: opu: package openssl/0.9.8g-15+lenny12
Date: Fri, 23 Sep 2011 23:29:55 -0500
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: opu

Hi,

If possible, I'd like to make an update to openssl to fix CVE-2011-3207 in 
lenny (and squeeze.) I don't have the final debdiff as of this time, but the 
only change is upstream's fix [1]

Will send the debdiff tomorrow morning on my TZ, but I wanted to give a heads 
up because of the point release freeze deadline.

Please let me know if it's still feasible. It ain't an urgent issue anyway.

Thanks in advance.

[1] http://cvs.openssl.org/chngview?cn=21334

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#642579; Package release.debian.org. (Sat, 24 Sep 2011 04:45:03 GMT)

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 24 Sep 2011 04:45:03 GMT)

Message #10 received at 642579@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: 642579@bugs.debian.org
Subject: Re: opu: package openssl/0.9.8g-15+lenny12
Date: Fri, 23 Sep 2011 23:40:44 -0500

On Friday 23 September 2011 23:29:55 Raphael Geissert wrote:
> If possible, I'd like to make an update to openssl to fix CVE-2011-3207 in
> lenny (and squeeze.) I don't have the final debdiff as of this time, but
> the only change is upstream's fix [1]

Erm, that should read CVE-2011-3210.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#642579; Package release.debian.org. (Sat, 24 Sep 2011 12:27:15 GMT)

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 24 Sep 2011 12:27:16 GMT)

Message #15 received at 642579@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Raphael Geissert <geissert@debian.org>, 642579@bugs.debian.org
Subject: Re: Bug#642579: opu: package openssl/0.9.8g-15+lenny12
Date: Sat, 24 Sep 2011 13:23:32 +0100

retitle 642579 opu: package openssl/0.9.8g-15+lenny13
clone 642579 -1
user release.debian.org@packages.debian.org
usertag -1 -opu
usertag -1 +pu
retitle -1 pu: package openssl/0.9.8o-4squeeze3
tag -1 + squeeze
tag 642579 + lenny
thanks

On Fri, 2011-09-23 at 23:29 -0500, Raphael Geissert wrote:
> If possible, I'd like to make an update to openssl to fix CVE-2011-3207

-3210, as per your second mail.

> in lenny (and squeeze.)

Let's make this two bugs then.

> I don't have the final debdiff as of this time, but the 
> only change is upstream's fix [1]

That looks sane enough.  Given that it appears to have been resolved in
the same upstream release as -3207 and -1945, it would have been nice if
it could have been included in -4squeeze2 and -15+lenny12, which
resolved the latter.  Ah well.

> Will send the debdiff tomorrow morning on my TZ, but I wanted to give a heads 
> up because of the point release freeze deadline.
> 
> Please let me know if it's still feasible. It ain't an urgent issue anyway.

It's certainly feasible for squeeze.  Lenny should be doable, assuming
the upload doesn't get delayed.

Regards,

Adam





Changed Bug title to 'opu: package openssl/0.9.8g-15+lenny13' from 'opu: package openssl/0.9.8g-15+lenny12' Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 24 Sep 2011 12:27:20 GMT)

Bug 642579 cloned as bug 642605. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 24 Sep 2011 12:27:20 GMT)

Added tag(s) lenny. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 24 Sep 2011 12:27:31 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#642579; Package release.debian.org. (Sat, 24 Sep 2011 18:33:03 GMT)

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 24 Sep 2011 18:33:03 GMT)

Message #26 received at 642579@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: 642579@bugs.debian.org
Cc: 642605-quiet@bugs.debian.org
Subject: Re: Bug#642579: opu: package openssl/0.9.8g-15+lenny12
Date: Sat, 24 Sep 2011 13:31:19 -0500

On Saturday 24 September 2011 07:23:32 Adam D. Barratt wrote:
> retitle 642579 opu: package openssl/0.9.8g-15+lenny13

Right, I screwed up the title; sigh.

> On Fri, 2011-09-23 at 23:29 -0500, Raphael Geissert wrote:
> > I don't have the final debdiff as of this time, but the
> > only change is upstream's fix [1]
> 
> That looks sane enough.  Given that it appears to have been resolved in
> the same upstream release as -3207 and -1945, it would have been nice if
> it could have been included in -4squeeze2 and -15+lenny12, which
> resolved the latter.  Ah well.

I originally intended to do so, but I only had the patch for the 1.0.0 branch, 
which wouldn't apply to 0.9.8. Later Kurt kindly pointed me to the commit for 
the right branch, but the packages had already been built everywhere.

> > Will send the debdiff tomorrow morning on my TZ, but I wanted to give a
> > heads up because of the point release freeze deadline.
> > 
> > Please let me know if it's still feasible. It ain't an urgent issue
> > anyway.
> 
> It's certainly feasible for squeeze.  Lenny should be doable, assuming
> the upload doesn't get delayed.

After two power failures and lots of connectivity issues, I think lenny13 
should be on your hands now. Attached is the debdiff just for the sake of 
completeness.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
[ossl_lenny13.debdiff (text/x-patch, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#642579; Package release.debian.org. (Sat, 24 Sep 2011 21:30:06 GMT)

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 24 Sep 2011 21:30:06 GMT)

Message #31 received at 642579@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Raphael Geissert <geissert@debian.org>, 642579@bugs.debian.org
Cc: 642605-quiet@bugs.debian.org
Subject: Re: Bug#642579: opu: package openssl/0.9.8g-15+lenny12
Date: Sat, 24 Sep 2011 22:27:17 +0100

tag 642579 + pending
thanks

On Sat, 2011-09-24 at 13:31 -0500, Raphael Geissert wrote:
> On Saturday 24 September 2011 07:23:32 Adam D. Barratt wrote:
> > On Fri, 2011-09-23 at 23:29 -0500, Raphael Geissert wrote:
> > > Will send the debdiff tomorrow morning on my TZ, but I wanted to give a
> > > heads up because of the point release freeze deadline.
> > > 
> > > Please let me know if it's still feasible. It ain't an urgent issue
> > > anyway.
> > 
> > It's certainly feasible for squeeze.  Lenny should be doable, assuming
> > the upload doesn't get delayed.
> 
> After two power failures and lots of connectivity issues, I think lenny13 
> should be on your hands now. Attached is the debdiff just for the sake of 
> completeness.

Yep, and flagged for acceptance at the next dinstall; thanks.

Regards,

Adam





Added tag(s) pending. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 24 Sep 2011 21:30:10 GMT)

Bug marked as fixed in version 5.0.9, send any further explanations to Raphael Geissert <geissert@debian.org> Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Thu, 06 Oct 2011 18:09:06 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 04 Nov 2011 07:44:07 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 00:34:16 2014; Machine Name: buxtehude.debian.org
