Re: tmpreaper jessie update

To: Hugo Lefeuvre <hle@debian.org>
Cc: team@security.debian.org, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: tmpreaper jessie update
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 24 Jan 2019 10:41:26 +0100
Message-id: <[🔎] 20190124094126.s32au6kz2fzum5jf@inutil.org>
In-reply-to: <[🔎] 20190124081637.GB1421@hle-laptop>
References: <[🔎] 20190124081637.GB1421@hle-laptop>

On Thu, Jan 24, 2019 at 09:16:37AM +0100, Hugo Lefeuvre wrote:
> Dear security team,
> 
> I'm currently preparing a jessie security update addressing CVE-2019-3461,
> based on 1.6.13+nmu1+deb9u1 (stretch version).
> 
> I see that the diff is quite huge (same code as buster 1.6.14 right?) and
> adds a new libmount-dev dependency. I've had a look at the diff, tested it
> in jessie and so far I'm fine with that (especially because it was already
> uploaded to stretch).

The new libmount dependency is necessary for the new check used by the security
fix. Most of the additional autoconf noise is related to that new dependency
and to the fact that the last upload to unstable before the 1.6.14 one was in 2010.

If the debdiff for jessie is identical to the one in stretch (the base versions
are identical after all), do a few functionality tests and you should be good.
If you strip the autoconf bits, the debdiff is also pretty small.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: tmpreaper jessie update
  - From: Hugo Lefeuvre <hle@debian.org>

References:
- tmpreaper jessie update
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: tmpreaper jessie update
Next by Date: Re: tmpreaper jessie update
Previous by thread: tmpreaper jessie update
Next by thread: Re: tmpreaper jessie update
Index(es):
- Date
- Thread