Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

To: Alessandro Ghedini <ghedo@debian.org>
Cc: 803410@bugs.debian.org, team@security.debian.org, Andreas Beckmann <anbe@debian.org>
Subject: Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 30 Oct 2015 16:41:18 +0000
Message-id: <[🔎] 1446223278.3026.7.camel@gmail.com>
Reply-to: Luca Boccassi <luca.boccassi@gmail.com>, 803410@bugs.debian.org
In-reply-to: <[🔎] 20151030133250.GA7387@kronk.local>
References: <[🔎] 20151029195223.1020.97487.reportbug@luca-desktop.home> <[🔎] 20151030133250.GA7387@kronk.local>

On Fri, 2015-10-30 at 14:32 +0100, Alessandro Ghedini wrote:
> On Thu, Oct 29, 2015 at 07:52:23pm +0000, luca wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: jessie
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > 
> > Dear release team,
> > 
> > We would like to update libvdpau in jessie to address a segmentation fault in a
> > particular use case.
> > 
> > 0.8-3+deb8u1 was uploaded through jessie-security with an upstream fix for 3
> > security bugs: CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 (see
> > https://bugs.debian.org/797895).
> > 
> > The upstream patch unfortunately introduced a regression when running with
> > DRI_PRIME=1, as reported by a user in https://bugs.debian.org/802625 and
> > upstream has committed a fix for it.
> > 
> > We already uploaded a fixed version to unstable, and now we would like to
> > backport it to jessie as well. The debdiff follows. I have verified that it
> > fixes the problem on a vanilla jessie amd64 installation.
> > 
> > Thank you!
> > 
> > Kind regards,
> > Luca Boccassi
> > 
> > 
> > diff -Nru libvdpau-0.8/debian/changelog libvdpau-0.8/debian/changelog
> > --- libvdpau-0.8/debian/changelog       2015-09-05 13:14:50.000000000 +0100
> > +++ libvdpau-0.8/debian/changelog       2015-10-29 19:30:28.000000000 +0000
> > @@ -1,3 +1,10 @@
> > +libvdpau (0.8-3+deb8u2) jessie; urgency=medium
> 
> The diff looks good, could you change the target to jessie-security and upload
> to security-master?

Committed in git, but I'll have to ask Andreas to upload as I lack the
supercow powers :-)

Andreas, the new version is tested and ready in the jessie branch in git
[1], could you please upload to security-master when you have time?
Thanks!

> Also, do you plan to prepare an update for wheezy-security as well?

I'll have access to a wheezy guinea pig machine on Monday, so if the
regression is present there as well I'll test a patched version and
reply back here.

Kind regards,
Luca Boccassi

[1] https://anonscm.debian.org/cgit/pkg-nvidia/libvdpau.git/log/?h=jessie

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
  - From: luca <luca.boccassi@gmail.com>
- Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
  - From: Alessandro Ghedini <ghedo@debian.org>

Prev by Date: NEW changes in oldstable-new
Next by Date: Bug#803387: wheezy-pu: package exfat-utils/0.9.7-2+deb7u1
Previous by thread: Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2
Next by thread: Bug#800163: jessie-pu: package cloudprint/0.11-5
Index(es):
- Date
- Thread