Univention Bugzilla – Full Text Bug Listing
Summary: | wget: minor issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | best |
Version: | UCS 4.2 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.2-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) | ||
Bug Depends on: | 41662 | ||
Bug Blocks: |
Description
Arvid Requate
2017-08-10 14:58:19 CEST
I've moved the advisory to ucs-4.2-0/doc/errata/staging, because the package has been imported to ucs-4.2-0.

The following patch should be merged too and applied during build:

~/svn/patches/wget/4.1-0-0-ucs/1.13.4-3+deb7u4-errata4.1-4/39940_fix_memory_hog.patch

(In reply to Arvid Requate from comment #1)
> I've moved the advisory to ucs-4.2-0/doc/errata/staging, because the package
> has been imported to ucs-4.2-0.

4.2-0 is out-of-maintenance!
<http://updates.software-univention.de/download/ucs-maintenance/4.2-0.yaml>:
maintained: false

So please revert r82011 to move back all those .yaml files to 4.2-1 and add
ignore: [version.scope]
as announce_errata can pick any scope directory as source.

> The following patch should be merged too and applied during build:
>
> ~/svn/patches/wget/4.1-0-0-ucs/1.13.4-3+deb7u4-errata4.1-4/
> 39940_fix_memory_hog.patch

No need:

$ grep debian.org 4.1-0-0-ucs/1.13.4-3+deb7u4-errata4.1-4/39940_fix_memory_hog.patch
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642563>
$ curl -s http://metadata.ftp-master.debian.org/changelogs/main/w/wget/wget_1.16-1+deb8u2_changelog | grep 642563
- Fix a memory leak problem in the GNU TLS backend. closes: #642563
$ curl -s https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642563 | grep Fixed
<p>Fixed in version wget/1.14-1</p>
$ repo_get_version.py -r 4.2 -s errata4.2-0 -p wget | grep version
Current version: 1.16-1+deb8u2
$ dpkg --compare-versions 1.14-1 le 1.16-1+deb8u2 ; echo $?
0

Ok, right 1.16-1 has the patch.

> 4.2-0 is out-of-maintenance!

Correct, that's why the advisory says version: [1]

That's the destination side. As far as Jenek told me, the svn branch where the advisory is stored needs to correspond to the scope where the new packages are to be taken from, which seems to be errata4.2-0 in this case. At least I had to include that scope for the QA.

> So please revert r82011 to move back all those .yaml files to 4.2-1 and add
> ignore: [version.scope]
> as announce_errata can pick any scope directory as source.

How? If that's required then please document in the wiki under which condition that is applicable.

Ok, I've moved the advisory back as recommended by you. The announce tool relies on the "scope: " field in the advisory, which is correct.

I've added this bug number to the advisory.