[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#818615: jessie-pu: package gtk+2.0

On Fri, 2016-03-18 at 20:58 +0100, Salvatore Bonaccorso wrote:
> HI Adam,
> 
> Not Moritz here but can answer the question as well:
> 
> On Fri, Mar 18, 2016 at 07:22:34PM +0000, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > > I'd like to fix a security issue in GTK, which doesn't really warrant
> > > a DSA. Debdiff below, I've been running this on my jessie
> > > workstation for a day now.
> > > 
> > > Cheers,
> > >         Moritz
> > > 
> > > diff -Nru gtk+2.0-2.24.25/debian/changelog gtk+2.0-2.24.25/debian/changelog
> > > --- gtk+2.0-2.24.25/debian/changelog	2015-03-03 19:39:59.000000000 +0100
> > > +++ gtk+2.0-2.24.25/debian/changelog	2016-03-17 23:20:16.000000000 +0100
> > > @@ -1,3 +1,9 @@
> > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> > > +
> > > +  * CVE-2013-7447 (Closes: #799275)
> > 
> > The Security Tracker suggests that this isn't fixed in the version of
> > gtk+2.0 in unstable; is that correct?
> 
> Yes it is as well unfixed there. I just have proposed a NMU in
> https://bugs.debian.org/799275#39

Thanks for that.

If we don't notice, please feel free to remove the "moreinfo" tag once
the NMU reaches unstable.

Regards,

Adam
Reply to: