Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote:
> I have fixed the security issue below for ufraw. The security team has
> marked the issue as no-dsa, but has suggested that it be fixed via
> jessie-pu.
>
> Here is an interdiff between the current jessie version and the updated
> version:
[...]
> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high
> -
> - * dcraw.cc: Apply patch from
> - https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
> - prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
That diff is reversed. Assuming that the actual package matches the diff
the right way around, please change the changelog distribution to
"jessie" rather than "jessie-security" and go ahead.
Regards,
Adam
Reply to: