
Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1



Control: tags -1 + pending

On Sun, 2015-06-21 at 21:38 +0200, Salvatore Bonaccorso wrote:
> Hi Hubert, hi Adam,
> 
> On Sun, Jun 21, 2015 at 03:07:53PM -0400, Hubert Chathi wrote:
> > On Sat, 20 Jun 2015 20:27:22 +0100, "Adam D. Barratt" <adam@adam-barratt.org.uk> said:
> > 
> > > On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote:
> > >> I have fixed the security issue below for ufraw.  The security team
> > >> has marked the issue as no-dsa, but has suggested that it be fixed
> > >> via jessie-pu.
> > >> 
> > >> Here is an interdiff between the current jessie version and the
> > >> updated version:
> > > [...]
> > >> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high
> > >> -
> > >> -  * dcraw.cc: Apply patch from
> > >> -    https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
> > >> -    prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
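Review bot: the header line of this changelog entry targets `jessie-security` with `urgency=high`, but the request above says the security team marked the issue no-dsa and suggested a fix via jessie-pu, so the distribution field should read `jessie`. Every visible line also carries a `-` prefix, so as posted the interdiff removes the 0.20-2+deb8u1 entry instead of adding it; regenerate it with the current jessie version as the old side and the updated version as the new side so the direction of the change is unambiguous.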
> > 
> > > That diff is reversed. Assuming that the actual package matches the
> > > diff the right way around, please change the changelog distribution to
> > > "jessie" rather than "jessie-security" and go ahead.
> > 
> > Yes, you're right, I accidentally reversed the diff.
> > 
> > Salvatore has said that he would do the upload for me, since my 1024D
> > key hasn't been properly replaced yet, so Salvatore, please go ahead
> > with the upload with the change requested ("jessie" rather than
> > "jessie-security").
> 
> Done!

Flagged for acceptance; thanks.

Regards,

Adam

