Re: CVE-2020-10938/graphicsmagick and additional upstream change

To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: debian-lts@lists.debian.org, team@security.debian.org
Subject: Re: CVE-2020-10938/graphicsmagick and additional upstream change
From: Roberto C. Sánchez <roberto@debian.org>
Date: Mon, 13 Apr 2020 09:49:52 -0400
Message-id: <[🔎] 20200413134912.GV27150@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, Moritz Mühlenhoff <jmm@inutil.org>, debian-lts@lists.debian.org, team@security.debian.org
In-reply-to: <[🔎] 20200413134304.GA1737144@pisco.westfalen.local>
References: <20200330142635.GG22572@connexer.com> <[🔎] 20200413134304.GA1737144@pisco.westfalen.local>

On Mon, Apr 13, 2020 at 03:43:04PM +0200, Moritz Mühlenhoff wrote:
> On Mon, Mar 30, 2020 at 10:26:35AM -0400, Roberto C. Sánchez wrote:
> >  2. Leave the change set intact with both functional changes, and:
> >     a. mention only CVE-2020-10938 in debian/changelog and the
> >        associated advisories
> 
> I think that one makes the most sense, it's common that related changes
> get cherrypicked alongside after all.
> 
Hi Moritz,

Thanks for the guidance.  I will proceed with preparing the update for
jessie, stretch, and buster.  I will then publish the package and
advisory for jessie and will submit the stretch and buster debdiffs to
the security team for review before proceeding with any action relative
to stretch and buster.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

References:
- Re: CVE-2020-10938/graphicsmagick and additional upstream change
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: CVE-2020-10938/graphicsmagick and additional upstream change
Next by Date: Re: Xen update request and status
Previous by thread: Re: CVE-2020-10938/graphicsmagick and additional upstream change
Next by thread: Re: Xen update request and status
Index(es):
- Date
- Thread