/srv/irclogs.ubuntu.com/2013/12/27/#ubuntu-motu.txt

=== FourDollars_ is now known as FourDollars
=== maxb_ is now known as maxb
=== marlinc_ is now known as Marlinc
=== paddy_ is now known as paddy
[21:26] <TheLordOfTime> i have a question, there's a package which has a pending MIR, but Debian has updated the package in theirs, and includes a CVE fix.  For Trusty, am I still allowed to request a merge of the package into Trusty from Debian, even though there's an MIR pending?
[21:26] <TheLordOfTime> (rbasak knows which package I'm talking about, in the off chance they see this)
[21:27] <tumbleweed> why wouldn't you be allowed?
[21:28] * TheLordOfTime isn't sure if the pending MIR prevents the merging or something
[21:28] <tumbleweed> no
[21:28] <TheLordOfTime> tumbleweed, considering I'm not well-versed on the whole MIR thing, i wasn't sure... okay, so a merge can still be requested then...
[21:28] <tumbleweed> MIRs can stay open for ages, anyway
[21:28] <TheLordOfTime> thanks.
[21:28] <TheLordOfTime> heh
[21:33] <TheLordOfTime> cjwatson, ping, since you handled the last merge of nginx, can you pull from Debian Unstable again, 1.4.4-2 when rmadison shows it?  It contains a CVE fix for CVE-2013-0337.  I'm going to see if I can find the upstream change that fixed that and get that in.  (security bug 1193445 is on LP for it)
[21:33] <ubottu> bug 1193445 in nginx (Ubuntu) "Directory /var/log/nginx is world readable [CVE-2013-0337]" [Medium,Confirmed] https://launchpad.net/bugs/1193445
[21:33] <ubottu> The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0337)
[21:33] <TheLordOfTime> s/pull/merge/
[21:35] <cjwatson> TheLordOfTime: will do tomorrow
[21:35] <TheLordOfTime> cjwatson, thank you kindly.
