
Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1



Hi Hubert, hi Adam,

On Sun, Jun 21, 2015 at 03:07:53PM -0400, Hubert Chathi wrote:
> On Sat, 20 Jun 2015 20:27:22 +0100, "Adam D. Barratt" <adam@adam-barratt.org.uk> said:
> 
> > On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote:
> >> I have fixed the security issue below for ufraw.  The security team
> >> has marked the issue as no-dsa, but has suggested that it be fixed
> >> via jessie-pu.
> >> 
> >> Here is an interdiff between the current jessie version and the
> >> updated version:
> > [...]
> >> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high
> >> -
> >> -  * dcraw.cc: Apply patch from
> >> -    https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
> >> -    prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
> 
> > That diff is reversed. Assuming that the actual package matches the
> > diff the right way around, please change the changelog distribution to
> > "jessie" rather than "jessie-security" and go ahead.
> 
> Yes, you're right, I accidentally reversed the diff.
> 
> Salvatore has said that he would do the upload for me, since my 1024D
> key hasn't been properly replaced yet, so Salvatore, please go ahead
> with the upload with the change requested ("jessie" rather than
> "jessie-security").

Done!

Regards,
Salvatore

