Hi Antoine, On Mon, May 09, 2016 at 05:09:30PM +0200, Markus Koschany wrote: > Hello Roberto, welcome on board! > > Am 08.05.2016 um 05:34 schrieb Roberto C. Sánchez: > > > I pulled the patch for CVE-2015-4844 from the upstream jdk8u project > > (based on the commit reference in openjdk-8's debian/changelog). I > > confirmed that this fix matched what was done by upstream in their > > subversion repository. > > > > I pulled the patch for CVE-2016-0494 from the upstream jdk8u project > > (based on the commit reference in openjdk-8's debian/changelog). I > > attempted to confirm this fix in upstream's subversion repository, but > > it appears to not have been fixed upstream yet. > > Antoine (anarcat) fixed this issue for Squeeze LTS and he also left some > comments at > > https://ssl.icu-project.org/trac/ticket/12020 > > He also changed the runConfigure script and his patch for CVE-2016-0494 > looks different to me. Perhaps you should contact him (or he will simply > respond to this message because he is subscribed too), discuss this > patch with him and ask him why his approach contains more changes than > the original upstream commit at > > http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1 > Do you think you might have some time to review the icu updated I prepared for wheezy? https://people.debian.org/~roberto/icu_4.8.1.1-12+deb7u4.dsc https://people.debian.org/~roberto/icu_4.8.1.1-12+deb7u3_deb7u4.diff I would appreciate your feedback, particularly on the patch for CVE-2016-0494. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature