In doing so, I ran in to a few issues with your debdiff, mostly having to do with your changelog entries:
1) security fixes for RELEASE need to be targeted for the RELEASE-security pocket (e.g. maverick-security rather than just maverick) rather than just RELEASE as you would for the release under development. (Similarly, for non-security Stable Release Updates, you'd target to the RELEASE-proposed pocket; they get later copied once approved to the RELEASE-updates pocket.)
2) the maverick debdiff was against the version in maverick, not the version in maverick-updates, and thus failed to apply. When performing security updates, our policy is to apply them on top of the latest existing versions in RELEASE-security or RELEASE-updates, whichever is higher. I also adjusted the versioning. See https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging for more information about our policies here.
3) I adjusted your changelog entry to include the CVE identifiers, a reference to this bug report, and direct URL references to the cherry-picked upstream patches to ease people researching the issue based on the changelog and debdiff.
Hi Serge,
I've gone ahead and uploaded clamav packages to the ubuntu- security- proposed ppa at https:/ /launchpad. net/~ubuntu- security- proposed/ +archive/ ppa/ ; please test and report feedback here.
In doing so, I ran in to a few issues with your debdiff, mostly having to do with your changelog entries:
1) security fixes for RELEASE need to be targeted for the RELEASE-security pocket (e.g. maverick-security rather than just maverick) rather than just RELEASE as you would for the release under development. (Similarly, for non-security Stable Release Updates, you'd target to the RELEASE-proposed pocket; they get later copied once approved to the RELEASE-updates pocket.)
2) the maverick debdiff was against the version in maverick, not the version in maverick-updates, and thus failed to apply. When performing security updates, our policy is to apply them on top of the latest existing versions in RELEASE-security or RELEASE-updates, whichever is higher. I also adjusted the versioning. See https:/ /wiki.ubuntu. com/SecurityTea m/UpdatePrepara tion#Packaging for more information about our policies here.
3) I adjusted your changelog entry to include the CVE identifiers, a reference to this bug report, and direct URL references to the cherry-picked upstream patches to ease people researching the issue based on the changelog and debdiff.
Thanks!