
Bug#948363: buster-pu: package fig2dev/1:3.2.7a-5+deb10u2



Control: tags -1 -moreinfo +confirmed

On Sat, 2020-01-25 at 20:49 +0100, Roland Rosenfeld wrote:
> Hi Adam!
> 
> On Sa, 25 Jan 2020, Adam D. Barratt wrote:
> 
> > On Tue, 2020-01-07 at 20:16 +0100, Roland Rosenfeld wrote:
> > > While 3.2.7a-5+deb10u2 is currently in proposed-updates I prepared
> > > another update (deb10u3) fixing CVE-2019-19746 and CVE-2019-19797
> > > as well as 6 further segfaults, which are only in upstream tracker
> > > and don't have a CVE:
> > > https://sourceforge.net/p/mcj/tickets/58
> > > https://sourceforge.net/p/mcj/tickets/59
> > > https://sourceforge.net/p/mcj/tickets/61
> > > https://sourceforge.net/p/mcj/tickets/62
> > > https://sourceforge.net/p/mcj/tickets/78
> > > https://sourceforge.net/p/mcj/tickets/79
> > 
> > Are those additional upstream fixes already included in the package
> > in unstable?
> 
> Yes, 43_fgets2getline.patch from 3.2.7a-5+deb10u3, which fixes all
> these issues, is nearly identical to 32_fgets2getline.patch from
> 3.2.7b-3, which is available in sid and bullseye.
> 

OK, thanks. Please go ahead.

Regards,

Adam

