Re: RFS: xpdf (updated package)
On Sun, 7 Feb 2010 19:19:37 +0100 Nico Golde wrote:
> * Michael Gilbert [2010-02-07 18:22]:
> > I have prepared an updated package for xpdf that fixes quite a few
> > security issues (and a couple cosmetic ones as well). The package is
> > available at . Note that I've built updated etch and lenny packages
> > there as well, which I am getting sponsorship from the security team.
> > They can be ignored.
> > Would anyone be willing to sponsor this upload?
> Please split the security patches into separated files for each CVE id.
> Otherwise it's impossible to check whether you fixed all of them or not.
If the upstream patch is split up, I think it will actually make it a
lot more difficult to verify my work. The upstream patch ,,
lumps all of these CVEs into one file. Note that reference  is linked
from all of the mitre CVE pages as the patch for all of these issues.
If splitting up the upstream patch is the right thing to do, then I
will certainly do that, but it seems a bit like busy work, and I think
it actually makes your work harder. Please advise.