Bug#812881: wheezy-pu: package gummi/0.6.3-1.2+deb7u2
Control: tags -1 + confirmed
On Wed, 2016-01-27 at 15:49 +0100, Daniel Stender wrote:
> The new package fixes #812577 [0]: the patch no-predictable-tmpfiles.patch
> including in 0.6.3-1.2+deb7u1 fixed CVE-2015-7758 successfully, but has the
> flaw that temporary include paths for images etc. in the tex documents
> couldn't be used, but must be absolute (because a workfile [.tex.swp] in the
> project path is missing).
>
> In the meanwhile upstream released a fix for CVE-2015-7758 which elegantly
> uses a XDG cache dir for the temprary files to solve the problem [1].
Does this also affect the Jessie package?
[...]
> Please see the attached diff for changes between deb7u1 and deb7u2. I've build
> against Oldstable with Sbuild [2]. 0.6.3-1.2+deb7u1 is currently pending [3], I would
> guess it just could be replaced in the pending state?
Yes. In this context, "pending" means "in {,o-}p-u, waiting to form part
of a point release" so updated revisions aren't an issue (although, in
fairness, the old revision is then no longer actually in p-u; its
contents are in practice though).
Regards,
Adam
Reply to: