Comment 13 for bug 673654

Steve Beattie (sbeattie) wrote :

Hi Serge,

I've gone ahead and uploaded clamav packages to the ubuntu-security-proposed ppa at https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/ ; please test and report feedback here.

In doing so, I ran in to a few issues with your debdiff, mostly having to do with your changelog entries:

1) security fixes for RELEASE need to be targeted for the RELEASE-security pocket (e.g. maverick-security rather than just maverick) rather than just RELEASE as you would for the release under development. (Similarly, for non-security Stable Release Updates, you'd target to the RELEASE-proposed pocket; they get later copied once approved to the RELEASE-updates pocket.)

2) the maverick debdiff was against the version in maverick, not the version in maverick-updates, and thus failed to apply. When performing security updates, our policy is to apply them on top of the latest existing versions in RELEASE-security or RELEASE-updates, whichever is higher. I also adjusted the versioning. See https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging for more information about our policies here.

3) I adjusted your changelog entry to include the CVE identifiers, a reference to this bug report, and direct URL references to the cherry-picked upstream patches to ease people researching the issue based on the changelog and debdiff.

Thanks!