[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#785254: jessie-pu: package didjvu/0.2.8-1

Hi Daniel

(Disclaimer, not part of the release team, just giving a comment on
the changelog entry):

On Wed, May 13, 2015 at 10:53:22PM +0200, Daniel Stender wrote:
> +  * add fix-insecure-use-of-tmp-when-calling-c44.diff, fix
> +    of security issue TEMP-0784889-495CCA, see #784888 (closed
> +    in Sid by 0.4-1).

Do not use these temporary items since they can change over time (e.g.
when a CVE is assigned they do not exist anymore, or even if we change
some metadata in the security-tracker. So I suggest to just write an
expalanation what the issue is, or -- if a CVE is assigned -- include
the CVE id.

And you can "Close: #784888" as well, since there is a bug to track
that issue.



Reply to: