Bug#849725: jessie-pu cairo/1.14.0-2.1+deb8u2
Control: tags -1 + pending
Hi,
On Sat, 2016-12-31 at 20:08 +0100, Salvatore Bonaccorso wrote:
> Hi Adam,
>
> On Sat, Dec 31, 2016 at 04:58:46PM +0000, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Fri, 2016-12-30 at 07:52 +0100, Salvatore Bonaccorso wrote:
> > > src:cairo in jessie is affected by CVE-2016-9082 which would not
> > > warrant a DSA. A while back in october the issue was already fixed in
> > > unstable, cf. #842289. I would like to propose the attached debdiff
> > > for the upcoming point release.
> >
> > Please go ahead.
>
> Thanks uploaded.
Flagged for acceptance; thanks.
> > > Note: in the 1.14.0-2.1 -> 1.14.0-2.1+deb8u1 the binary package
> > > binary-cairo-perf-utils got one more binary added
> > > (/usr/bin/cairo-perf-graph-files). Whit this update that goes back to
> > > the 1.14.0-2.1 situation.
> >
> > Do we know why that happened?
>
> I do not know. Cc'ing Moritz. But I guess the build environment might
> have had an addtional package installed. Because it is not the case
> for the binary packages built by the buildd's, e.g. i386:
>
> $ debdiff cairo-perf-utils_1.14.0-2.1_i386.deb cairo-perf-utils_1.14.0-2.1+deb8u1_i386.deb
> File lists identical (after any substitutions)
>
> Control files: lines which differ (wdiff format)
> ------------------------------------------------
> Version: [-1.14.0-2.1-] {+1.14.0-2.1+deb8u1+}
Okay, thanks.
Regards,
Adam
Reply to: