[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#842013: jessie-pu: package potrace/1.12-1+deb8u1

On 2016-10-25 14:32, Andrew Shadura wrote:
On 25/10/16 15:31, Adam D. Barratt wrote:
Control: tags -1 + confirmed

On 2016-10-25 10:10, Andrew Shadura wrote:
I have prepared an upload fixing CVE-2016-8694, CVE-2016-8695,
CVE-2016-8696, CVE-2016-8697, CVE-2016-8698, CVE-2016-8699,
CVE-2016-8701, CVE-2016-8702, CVE-2016-8703.

Please find the attached debdiff.

I assume "CVE-2016-8694.patch" actually fixes all of the listed CVEs? If
so, and assuming that the resulting package has been tested on stable,
please go ahead.

Yes, it does.

Unfortunately it appears that the uploaded package was not built in a (purely) jessie environment, so I'm afraid that I've had to mark it to be rejected.

Automated binary debdiffs show:

Warning: these package names were in the second list but not in the first:
Files only in first set of .debs, found in package libpotrace0
-rwxr-xr-x  root/root   DEBIAN/postinst
-rwxr-xr-x  root/root   DEBIAN/postrm

New files in second set of .debs, found in package libpotrace0
-rw-r--r--  root/root   DEBIAN/triggers

Those changes won't happen if jessie's debhelper was used for the build. (The fact that dak didn't reject the package itself is a known issue with the *-debug suite checks.)



Reply to: