=== FourDollars_ is now known as FourDollars
=== maxb_ is now known as maxb
=== marlinc_ is now known as Marlinc
=== paddy_ is now known as paddy
[21:26] <TheLordOfTime> i have a question, there's a package which has a pending MIR, but Debian has updated the package in theirs, and includes a CVE fix.  For Trusty, am I still allowed to request a merge of the package into Trusty from Debian, even though there's an MIR pending?
[21:26] <TheLordOfTime> (rbasak knows which package I'm talking about, in the off chance they see this)
[21:27] <tumbleweed> why wouldn't you be allowed?
[21:28]  * TheLordOfTime isn't sure if the pending MIR prevents the merging or something
[21:28] <tumbleweed> no
[21:28] <TheLordOfTime> tumbleweed, considering I'm not well-versed on the whole MIR thing, i wasn't sure... okay, so a merge can still be requested then...
[21:28] <tumbleweed> MIRs can stay open for ages, anyway
[21:28] <TheLordOfTime> thanks.
[21:28] <TheLordOfTime> heh
[21:33] <TheLordOfTime> cjwatson, ping, since you handled the last merge of nginx, can you pull from Debian Unstable again, 1.4.4-2 when rmadison shows it?  It contains a CVE fix for CVE-2013-0337.  I'm going to see if I can find the upstream change that fixed that and get that in.  (security bug 1193445 is on LP for it)
[21:33] <ubottu> bug 1193445 in nginx (Ubuntu) "Directory /var/log/nginx is world readable [CVE-2013-0337]" [Medium,Confirmed] https://launchpad.net/bugs/1193445
[21:33] <ubottu> The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0337)
[21:33] <TheLordOfTime> s/pull/merge/
[21:35] <cjwatson> TheLordOfTime: will do tomorrow
[21:35] <TheLordOfTime> cjwatson, thank you kindly.