Re: CVE-2016-8685 in potrace

To: Hugo Lefeuvre <hle@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: CVE-2016-8685 in potrace
From: Ola Lundqvist <ola@inguza.com>
Date: Sun, 9 Apr 2017 20:33:29 +0200
Message-id: <[🔎] CABY6=0=0NuvYkZNCEdM65MS7U7058=b+OSM3KqjgcVBrCksCWQ@mail.gmail.com>
In-reply-to: <[🔎] 20170408233353.4xfa57w6hjonuf5o@hle-laptop.local>
References: <20170330142938.dlwobb5e7v3yugn3@hle-laptop.local> <[🔎] CABY6=0m=VwsRc-T1AfVTVHLPpEGqR_LiXuRPTJ7A_rn3ggHDvA@mail.gmail.com> <[🔎] 20170402090659.wyum46tkpdr7x77t@hle-laptop.local> <[🔎] CABY6=0=+S6E3Ln2wP9JiEfVCLW8bK51OX9q9WrR3B1Ov5vXR1A@mail.gmail.com> <[🔎] 1491277023.12745.37.camel@decadent.org.uk> <[🔎] 20170404093237.n3v3idtjhno5c3wm@hle-laptop.local> <[🔎] 1491312233.12745.38.camel@decadent.org.uk> <[🔎] 20170405133254.tlmeyv2mpn73vu7w@hle-laptop.local> <[🔎] 20170408233353.4xfa57w6hjonuf5o@hle-laptop.local>

Hi Hugo

Looks good to me.

The mistake regarding CFILES is quite understandable considering that it just had very common things in it. Very easy to miss that.

Best regards

// Ola

On 9 April 2017 at 01:33, Hugo Lefeuvre <hle@debian.org> wrote:

Hi,

I have prepared the potrace update fixing CVE-2016-8685 and would like
to upload it. However, I had to modify debian/rules slightly more than
excepted because in its current state, the CFLAGS variable defined by
debian/rules isn't passed properly to the configure script. Actually
CFLAGS is neither exported, nor passed to ./configure as argument...

I don't understand that such a mistake is present in this rules file.

Could somebody take a look at the debdiff and confirm me that these
changes to debian/rules are pertinent ?

Cheers,

Hugo

--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

--

--- Inguza Technology AB --- MSc in Information Technology ----

/ ola@inguza.com Folkebogatan 26 \

| opal@debian.org 654 68 KARLSTAD |

| http://inguza.com/ Mobile: +46 (0)70-332 1551 |

\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /

---------------------------------------------------------------

Reply to:

References:
- Re: CVE-2016-8685 in potrace
  - From: Ola Lundqvist <ola@inguza.com>
- Re: CVE-2016-8685 in potrace
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: CVE-2016-8685 in potrace
  - From: Ola Lundqvist <ola@inguza.com>
- Re: CVE-2016-8685 in potrace
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: CVE-2016-8685 in potrace
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: CVE-2016-8685 in potrace
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: CVE-2016-8685 in potrace
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: CVE-2016-8685 in potrace
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Wheezy update of libsndfile?
Next by Date: LTS Activity report for March 2017
Previous by thread: Re: CVE-2016-8685 in potrace
Next by thread: March Report
Index(es):
- Date
- Thread