=== FourDollars_ is now known as FourDollars | ||
=== maxb_ is now known as maxb | ||
=== marlinc_ is now known as Marlinc | ||
=== paddy_ is now known as paddy | ||
TheLordOfTime | i have a question, there's a package which has a pending MIR, but Debian has updated the package in theirs, and includes a CVE fix. For Trusty, am I still allowed to request a merge of the package into Trusty from Debian, even though there's an MIR pending? | 21:26 |
---|---|---|
TheLordOfTime | (rbasak knows which package I'm talking about, in the off chance they see this) | 21:26 |
tumbleweed | why wouldn't you be allowed? | 21:27 |
* TheLordOfTime isn't sure if the pending MIR prevents the merging or something | 21:28 | |
tumbleweed | no | 21:28 |
TheLordOfTime | tumbleweed, considering I'm not well-versed on the whole MIR thing, i wasn't sure... okay, so a merge can still be requested then... | 21:28 |
tumbleweed | MIRs can stay open for ages, anyway | 21:28 |
TheLordOfTime | thanks. | 21:28 |
TheLordOfTime | heh | 21:28 |
TheLordOfTime | cjwatson, ping, since you handled the last merge of nginx, can you pull from Debian Unstable again, 1.4.4-2 when rmadison shows it? It contains a CVE fix for CVE-2013-0337. I'm going to see if I can find the upstream change that fixed that and get that in. (security bug 1193445 is on LP for it) | 21:33 |
ubottu | bug 1193445 in nginx (Ubuntu) "Directory /var/log/nginx is world readable [CVE-2013-0337]" [Medium,Confirmed] https://launchpad.net/bugs/1193445 | 21:33 |
ubottu | The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0337) | 21:33 |
TheLordOfTime | s/pull/merge/ | 21:33 |
cjwatson | TheLordOfTime: will do tomorrow | 21:35 |
TheLordOfTime | cjwatson, thank you kindly. | 21:35 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!