Bug#726874: pu: package darktable/1.0.4-1+deb7u1

To: 726874@bugs.debian.org
Cc: David Bremner <bremner@debian.org>
Subject: Bug#726874: pu: package darktable/1.0.4-1+deb7u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 29 Oct 2013 20:10:09 +0000
Message-id: <[🔎] 1383077409.4272.20.camel@jacala.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 726874@bugs.debian.org
In-reply-to: <[🔎] 1382302306.31413.39.camel@jacala.jungle.funky-badger.org>
References: <[🔎] 20131020021255.19205.30411.reportbug@zancas.localnet> <[🔎] 1382302306.31413.39.camel@jacala.jungle.funky-badger.org>

Control: tags -1 + pending

On Sun, 2013-10-20 at 21:51 +0100, Adam D. Barratt wrote:
> On Sat, 2013-10-19 at 23:12 -0300, David Bremner wrote:
> > I have prepared a targeted upload which closes two CVEs.
> > 
> > These are relatively mild security bugs in the embedded copy of libraw
> > (which cannot be trivially removed, alas). 
> > 
> > A debdiff is attached.  I believe the risk of the update is relatively
> > low, since according to darktable upstream only a few code paths
> > actually use libraw. On the other hand, I did have to monkey with the
> > patch a bit by hand to get it to apply, since libraw upstream provided
> > a patch against a later version.
> 
> Assuming the patch has been tested on a stable system, please go ahead;
> thanks.

For the record, the upload occurred and I've just flagged the package
for acceptance; thanks.

Regards,

Adam

Reply to:

References:
- Bug#726874: pu: package darktable/1.0.4-1+deb7u1
  - From: David Bremner <bremner@debian.org>
- Bug#726874: pu: package darktable/1.0.4-1+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: Re: Bug#726874: pu: package darktable/1.0.4-1+deb7u1
Next by Date: Processed: Re: Bug#727007: pu: package nsd3/3.2.12-3+deb7u1
Previous by thread: Bug#726874: pu: package darktable/1.0.4-1+deb7u1
Next by thread: Processed: Re: Bug#726874: pu: package darktable/1.0.4-1+deb7u1
Index(es):
- Date
- Thread