[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Pkg-phototools-devel] Jessie update of libexif?

On Mon, 2020-05-25 at 00:13 +1000, Hugh McMaster wrote:
> Hi Adam,
> On Thu, 21 May 2020 at 19:34, Adam D. Barratt wrote:
> > On Thu, 2020-05-21 at 09:30 +0000, Mike Gabriel wrote:
> > > Sorry for the delay. I have uploaded +deb9u2 and +deb10u2 of
> > > libexif  
> > > now. I will write the SRU acceptance request bugs this afternoon.
> > > 
> > 
> > There's already #961019 and #961020...
> Owing to three more CVEs in libexif, I need to prepare new releases
> for Jessie, Stretch and Buster.
> For Stretch and Buster, should the debdiff show changes against the
> current (old)stable release or changes against the most recent
> proposed version?
> Put another way, should this new version be +deb9u2 (replacing the
> proposed version) or +deb9u3 (an incremented version)?

Personally, it probably makes more sense for the new stretch version to
be +deb9u3, built on top of the already uploaded package (and similar
for buster) with a second release.d.o bug describing the new fixes.

You /can/ re-use the version if that would be preferable, as the
package is still in (old)stable-new right now, but that will require a
reject+reupload cycle, and presumably corresponding re-tag on the git

I'm assuming that all of the fixes are either already present in
unstable, or aren't relevant there.



Reply to: