Bug#812881: wheezy-pu: package gummi/0.6.3-1.2+deb7u2
On 27.01.2016 23:26, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2016-01-27 at 15:49 +0100, Daniel Stender wrote:
>> The new package fixes #812577 [0]: the patch no-predictable-tmpfiles.patch
>> including in 0.6.3-1.2+deb7u1 fixed CVE-2015-7758 successfully, but has the
>> flaw that temporary include paths for images etc. in the tex documents
>> couldn't be used, but must be absolute (because a workfile [.tex.swp] in the
>> project path is missing).
>>
>> In the meanwhile upstream released a fix for CVE-2015-7758 which elegantly
>> uses a XDG cache dir for the temprary files to solve the problem [1].
>
> Does this also affect the Jessie package?
>
> [...]
>> Please see the attached diff for changes between deb7u1 and deb7u2. I've build
>> against Oldstable with Sbuild [2]. 0.6.3-1.2+deb7u1 is currently pending [3], I would
>> guess it just could be replaced in the pending state?
>
> Yes. In this context, "pending" means "in {,o-}p-u, waiting to form part
> of a point release" so updated revisions aren't an issue (although, in
> fairness, the old revision is then no longer actually in p-u; its
> contents are in practice though).
>
> Regards,
>
> Adam
Hi Adam,
thanks for the quick reply.
Yes, that bug also affects the Jessie package. I'll create a deb8u2 soon.
O.k., good. Thus I'll upload then now.
Daniel
--
4096R/DF5182C8
46CB 1CA8 9EA3 B743 7676 1DB9 15E0 9AF4 DF51 82C8
LPI certified Linux admin (LPI000329859 64mz6f7kt4)
http://www.danielstender.com/blog/
Reply to: