On 03.05.2017 at 11:11, Mattia Rizzolo wrote:
[...]
> QED.
>
> Your LTS upload broke libpodofo ABI.  The symbol
> _ZNK6PoDoFo7PdfPage25GetInheritedKeyFromObjectEPKcPKNS_9PdfObjectE@Base
> as present in the wheezy version (libpodofo0.9.0_0.9.0-1.1+b1_amd64.deb)
> became
> _ZNK6PoDoFo7PdfPage25GetInheritedKeyFromObjectEPKcPKNS_9PdfObjectEi@Base
> in wheezy-security (libpodofo0.9.0_0.9.0-1.1+deb7u1_amd64.deb).
>
> Now, I do not know what's LTS policy about silent ABI breakage, but I
> doubt you are OK with that.
>
>
> That's in particular caused by
> https://anonscm.debian.org/git/collab-maint/libpodofo.git/tree/debian/patches/CVE-2017-5852.patch?h=debian/0.9.0-1.1%2bdeb7u1#n123
>
> - const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const;
> + const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth = 0 ) const;
>
>
> ATM, I don't know how to fix that CVE without breaking the ABI.

Hi,

this is a private method and should not break the applications in
Wheezy. I have tested all applications before the upload and have not
found any issues. We could rebuild all of them but I don't think this is
necessary.

Regards,

Markus
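
Review bot: in the quoted CVE-2017-5852.patch hunk, appending "int depth = 0" to the existing GetInheritedKeyFromObject declaration replaces the two-argument member instead of adding to it, so the exported symbol gains the trailing "i" and the old "...PdfObjectE" symbol is no longer provided by the library. A default argument is filled in by the compiler at each call site, so it does nothing for callers that were already built against the two-argument symbol. Suggest leaving the original two-argument declaration in place and adding the depth-tracking variant as a separate overload (or a differently named helper) that the two-argument version calls with a depth of 0, so that both symbols are exported.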