I'll update the upstream commits and do testing tomorrow.
I want our current 2.0.1 to be released to xenial-updates before we push that security update, but that should happen tomorrow so we'll be fine.
How long do you need after I have the final upstream fixes until we can push the new version out?
I plan on providing:
- Fix for CVE-2016-1581
- Fix for CVE-2016-1582 (requires CVE-2016-1581 to be applied first)
- Upstream release tarball for 2.0.2 (and matching GPG signature)
- Source package for the Xenial upload.
I'll take care of the Yakkety upload myself once the Xenial one is out (I'll bundle a few more packaging changes in the yakkety one).
It's the first time that we do a security only release so it's going to be pretty manual on our end (can't rely on our github/jeknins tooling as it's all public) but it'll be a good experience to see what can be automated should we have to go through this more frequently.
Thanks.
I'll update the upstream commits and do testing tomorrow.
I want our current 2.0.1 to be released to xenial-updates before we push that security update, but that should happen tomorrow so we'll be fine.
How long do you need after I have the final upstream fixes until we can push the new version out?
I plan on providing:
- Fix for CVE-2016-1581
- Fix for CVE-2016-1582 (requires CVE-2016-1581 to be applied first)
- Upstream release tarball for 2.0.2 (and matching GPG signature)
- Source package for the Xenial upload.
I'll take care of the Yakkety upload myself once the Xenial one is out (I'll bundle a few more packaging changes in the yakkety one).
It's the first time that we do a security only release so it's going to be pretty manual on our end (can't rely on our github/jeknins tooling as it's all public) but it'll be a good experience to see what can be automated should we have to go through this more frequently.