<div dir="ltr">Hi Kurt<div><br></div><div>Yes I guess they were published today.</div><div><br></div><div>It is very good if you can fix this also for oldstable. I guess if a new upstream version is acceptable for stable it should be acceptable for oldstable as well.</div><div>Unless you know of any obvious negative impact of course.</div><div><br></div><div>If you release the same revision as for stable I guess you should change a few of the ones I marked with no-dsa as well.</div><div><br></div><div>Thank you</div><div><br></div><div>// Ola</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 21 November 2016 at 23:32, Kurt Roeckx <span dir="ltr"><<a href="mailto:kurt@roeckx.be" target="_blank">kurt@roeckx.be</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Mon, Nov 21, 2016 at 11:13:13PM +0100, Ola Lundqvist wrote:<br>
> Hello dear maintainer(s),<br>
><br>
> The Debian LTS team would like to fix the security issues which are<br>
> currently open in the Wheezy version of ntp:<br>
> <a href="https://security-tracker.debian.org/tracker/CVE-2016-7426" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2016-<wbr>7426</a><br>
> <a href="https://security-tracker.debian.org/tracker/CVE-2016-7427" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2016-<wbr>7427</a><br>
> <a href="https://security-tracker.debian.org/tracker/CVE-2016-7428" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2016-<wbr>7428</a><br>
> <a href="https://security-tracker.debian.org/tracker/CVE-2016-7434" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2016-<wbr>7434</a><br>
> <a href="https://security-tracker.debian.org/tracker/CVE-2016-9310" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2016-<wbr>9310</a><br>
> <a href="https://security-tracker.debian.org/tracker/CVE-2016-9311" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2016-<wbr>9311</a><br>
> <a href="https://security-tracker.debian.org/tracker/CVE-2016-9312" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2016-<wbr>9312</a><br>
<br>
</span>You mean those that were published today?<br>
<span class=""><br>
> Would you like to take care of this yourself?<br>
<br>
</span>If I fix them for stable, I'll also fix them for oldstable. It's<br>
the same upstream version, the patches are identical.<br>
<br>
But I just have a new tarball, and diffstat shows:<br>
187 files changed, 8094 insertions(+), 4295 deletions(-)<br>
<br>
And bitkeeper and the git don't have any of the patches.<br>
(Even if they did, it would be non-obvious which commits you need,<br>
they are really good like that.)<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
Kurt<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div><font face="courier new, monospace" size="1"> --- Inguza Technology AB --- MSc in Information Technology ----</font></div><div><font face="courier new, monospace" size="1">/ <a href="mailto:ola@inguza.com" target="_blank">ola@inguza.com</a> Folkebogatan 26 \</font></div><div><font face="courier new, monospace" size="1">| <a href="mailto:opal@debian.org" target="_blank">opal@debian.org</a> 654 68 KARLSTAD |</font></div><div><font face="courier new, monospace" size="1">| <a href="http://inguza.com/" target="_blank">http://inguza.com/</a> Mobile: +46 (0)70-332 1551 |</font></div><div><font face="courier new, monospace" size="1">\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /</font></div><div><font face="courier new, monospace" size="1"> ---------------------------------------------------------------</font></div></div><div><br></div></div></div></div></div>
</div>