Re: [Pkg-phototools-devel] Jessie update of libexif?
On Mon, 2020-05-25 at 00:13 +1000, Hugh McMaster wrote:
> Hi Adam,
> On Thu, 21 May 2020 at 19:34, Adam D. Barratt wrote:
> > On Thu, 2020-05-21 at 09:30 +0000, Mike Gabriel wrote:
> > > Sorry for the delay. I have uploaded +deb9u2 and +deb10u2 of
> > > libexif
> > > now. I will write the SRU acceptance request bugs this afternoon.
> > >
> > There's already #961019 and #961020...
> Owing to three more CVEs in libexif, I need to prepare new releases
> for Jessie, Stretch and Buster.
> For Stretch and Buster, should the debdiff show changes against the
> current (old)stable release or changes against the most recent
> proposed version?
> Put another way, should this new version be +deb9u2 (replacing the
> proposed version) or +deb9u3 (an incremented version)?
Personally, it probably makes more sense for the new stretch version to
be +deb9u3, built on top of the already uploaded package (and similar
for buster) with a second release.d.o bug describing the new fixes.
You /can/ re-use the version if that would be preferable, as the
package is still in (old)stable-new right now, but that will require a
reject+reupload cycle, and presumably corresponding re-tag on the git
I'm assuming that all of the fixes are either already present in
unstable, or aren't relevant there.