Bug#785254: jessie-pu: package didjvu/0.2.8-1

To: Daniel Stender <debian@danielstender.com>, 785254@bugs.debian.org
Subject: Bug#785254: jessie-pu: package didjvu/0.2.8-1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 14 May 2015 05:09:04 +0200
Message-id: <[🔎] 20150514030904.GA30219@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 785254@bugs.debian.org
In-reply-to: <[🔎] 20150513205322.9483.47212.reportbug@varuna.home>
References: <[🔎] 20150513205322.9483.47212.reportbug@varuna.home>

Hi Daniel

(Disclaimer, not part of the release team, just giving a comment on
the changelog entry):

On Wed, May 13, 2015 at 10:53:22PM +0200, Daniel Stender wrote:
> +  * add fix-insecure-use-of-tmp-when-calling-c44.diff, fix
> +    of security issue TEMP-0784889-495CCA, see #784888 (closed
> +    in Sid by 0.4-1).

Do not use these temporary items since they can change over time (e.g.
when a CVE is assigned they do not exist anymore, or even if we change
some metadata in the security-tracker. So I suggest to just write an
expalanation what the issue is, or -- if a CVE is assigned -- include
the CVE id.

And you can "Close: #784888" as well, since there is a bug to track
that issue.

HTH,

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#785254: jessie-pu: package didjvu/0.2.8-1
  - From: Daniel Stender <debian@danielstender.com>

References:
- Bug#785254: jessie-pu: package didjvu/0.2.8-1
  - From: Daniel Stender <debian@danielstender.com>

Prev by Date: Bug#782900: Acknowledgement (jessie-pu: package ircd-hybrid/1:8.2.0+dfsg.1-2+deb8u1)
Next by Date: Bug#784724: marked as done (transition: gloox)
Previous by thread: Bug#785254: jessie-pu: package didjvu/0.2.8-1
Next by thread: Bug#785254: jessie-pu: package didjvu/0.2.8-1
Index(es):
- Date
- Thread