Preparing update of 'mafft' to fix #496366 ("grave" security bug).
Hi all,
#496366 was reported on mafft with a severity of "grave". While this severity
is grossly overstated, I got convinced that ignoring the bug for Lenny would
not be good either. I have prepared a patch that fixes the issue:
http://svn.debian.org/wsvn/debian-med/trunk/packages/mafft/trunk/debian/patches/Securisation-by-mktemp-usage.patch?op=file&rev=0&sc=0
Now I have a little problem: our SVN repository already contained unrelated
changes, mostly to enhance the packaging. I really would like to avoid to spend
some time messing with the repository, as well as I would like to avoid to
upload a package that is not produced by the repository. Here are the changes:
[ Charles Plessy ]
* debian/control:
- Moved the Homepage: field out from the package's description.
- Enhances: t-coffee.
* Updated my email address.
* Securisation of the temorary files of mafft-homologs:
- debian/control: build-depend on quilt.
- debian/rules: modified to use quilt.
- debian/README.source: signals that the package uses quilt.
- debian/patches: added a patch to use mktemp (Closes: #496366).
- debian/mafft-homologs.1*, debian/README.Debian: document that the
program is patched.
[ David Paleino ]
* debian/mafft.1, debian/mafft-homologs.1 added - manpages built statically.
* debian/control:
- B-D updated (see above)
- added myself to Uploaders
- moved XS-Vcs-* fields to Vcs-*
- Updated to Standards-Version 3.7.3 (no changes needed)
* debian/rules:
- reflecting static build of manpages
- minor changes
Would you accept this package in Lenny to fix #496366?
Have a nice day,
--
Charles Plessy
Debian Med packaging team,
Tsurumi, Kanagawa, Japan
Reply to: