Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1

To: Hubert Chathi <uhoreg@debian.org>, 787692@bugs.debian.org
Subject: Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 20 Jun 2015 20:27:22 +0100
Message-id: <[🔎] 1434828442.2166.14.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 787692@bugs.debian.org
In-reply-to: <[🔎] 87h9qow4q6.fsf@desiato.home.uhoreg.ca>
References: <[🔎] 87h9qow4q6.fsf@desiato.home.uhoreg.ca>

On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote:
> I have fixed the security issue below for ufraw.  The security team has
> marked the issue as no-dsa, but has suggested that it be fixed via
> jessie-pu.
> 
> Here is an interdiff between the current jessie version and the updated
> version:
[...]
> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high
> -
> -  * dcraw.cc: Apply patch from
> -    https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
> -    prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)

That diff is reversed. Assuming that the actual package matches the diff
the right way around, please change the changelog distribution to
"jessie" rather than "jessie-security" and go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
  - From: Hubert Chathi <uhoreg@debian.org>

References:
- Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
  - From: Hubert Chathi <uhoreg@debian.org>

Prev by Date: Processed: Re: Bug#787076: wheezy-pu: unzip 6.0-8+deb7u3
Next by Date: Processed: tagging 776361, retitle 776361 to nmu: user-mode-linux_3.2-2um-1+deb7u2
Previous by thread: Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
Next by thread: Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
Index(es):
- Date
- Thread