
Preparing update of 'mafft' to fix #496366 ("grave" security bug).



Hi all,

#496366 was reported on mafft with a severity of "grave". While this severity
is grossly overstated, I got convinced that ignoring the bug for Lenny would
not be good either. I have prepared a patch that fixes the issue:

http://svn.debian.org/wsvn/debian-med/trunk/packages/mafft/trunk/debian/patches/Securisation-by-mktemp-usage.patch?op=file&rev=0&sc=0

Now I have a little problem: our SVN repository already contained unrelated
changes, mostly to enhance the packaging. I would really like to avoid spending
time messing with the repository, and I would also like to avoid uploading
a package that is not produced by the repository. Here are the changes:

  [ Charles Plessy ]
  * debian/control:
    - Moved the Homepage: field out from the package's description.
    - Enhances: t-coffee.
  * Updated my email address.
  * Securisation of the temporary files of mafft-homologs:
    - debian/control: build-depend on quilt.
    - debian/rules: modified to use quilt.
    - debian/README.source: signals that the package uses quilt.
    - debian/patches: added a patch to use mktemp (Closes: #496366).
    - debian/mafft-homologs.1*, debian/README.Debian: document that the
      program is patched.

  [ David Paleino ]
  * debian/mafft.1, debian/mafft-homologs.1 added - manpages built statically.
  * debian/control:
    - B-D updated (see above)
    - added myself to Uploaders
    - moved XS-Vcs-* fields to Vcs-*
    - Updated to Standards-Version 3.7.3 (no changes needed)
  * debian/rules:
    - reflecting static build of manpages
    - minor changes

Would you accept this package in Lenny to fix #496366?

Have a nice day,

-- 
Charles Plessy
Debian Med packaging team,
Tsurumi, Kanagawa, Japan

