Bug#812881: wheezy-pu: package gummi/0.6.3-1.2+deb7u2

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + confirmed

On Wed, 2016-01-27 at 15:49 +0100, Daniel Stender wrote:
> The new package fixes #812577 [0]: the patch no-predictable-tmpfiles.patch
> including in 0.6.3-1.2+deb7u1 fixed CVE-2015-7758 successfully, but has the
> flaw that temporary include paths for images etc. in the tex documents
> couldn't be used, but must be absolute (because a workfile [.tex.swp] in the
> project path is missing).
> 
> In the meanwhile upstream released a fix for CVE-2015-7758 which elegantly
> uses a XDG cache dir for the temprary files to solve the problem [1].

Does this also affect the Jessie package?

[...]
> Please see the attached diff for changes between deb7u1 and deb7u2. I've build
> against Oldstable with Sbuild [2]. 0.6.3-1.2+deb7u1 is currently pending [3], I would
> guess it just could be replaced in the pending state?

Yes. In this context, "pending" means "in {,o-}p-u, waiting to form part
of a point release" so updated revisions aren't an issue (although, in
fairness, the old revision is then no longer actually in p-u; its
contents are in practice though).

Regards,

Adam