[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1



On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote:
> I have fixed the security issue below for ufraw.  The security team has
> marked the issue as no-dsa, but has suggested that it be fixed via
> jessie-pu.
> 
> Here is an interdiff between the current jessie version and the updated
> version:
[...]
> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high
> -
> -  * dcraw.cc: Apply patch from
> -    https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
> -    prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)

That diff is reversed. Assuming that the actual package matches the diff
the right way around, please change the changelog distribution to
"jessie" rather than "jessie-security" and go ahead.

Regards,

Adam


Reply to: