Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
On Sat, 20 Jun 2015 20:27:22 +0100, "Adam D. Barratt" <adam@adam-barratt.org.uk> said:
> On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote:
>> I have fixed the security issue below for ufraw. The security team
>> has marked the issue as no-dsa, but has suggested that it be fixed
>> via jessie-pu.
>>
>> Here is an interdiff between the current jessie version and the
>> updated version:
> [...]
>> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high
>> -
>> - * dcraw.cc: Apply patch from
>> - https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
>> - prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
> That diff is reversed. Assuming that the actual package matches the
> diff the right way around, please change the changelog distribution to
> "jessie" rather than "jessie-security" and go ahead.
Yes, you're right, I accidentally reversed the diff.
Salvatore has said that he would do the upload for me, since my 1024D
key hasn't been properly replaced yet, so Salvatore, please go ahead
with the upload with the change requested ("jessie" rather than
"jessie-security").
Thanks
--
Hubert Chathi <uhoreg@debian.org> -- Jabber: hubert@uhoreg.ca
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Reply to: