
Bug#912531: stretch-pu: package exiv2/0.25-3.1+deb9u2



Control: clone 912531 -1
Control: retitle -1 buster-pu: package exiv2/0.25-4+deb10u1
Control: tags -1 - stretch
Control: tags -1 + buster

Hi,

On Mon, Jun 22, 2020 at 08:00:16AM -0400, Roberto C. Sánchez wrote:
> On Mon, Jun 22, 2020 at 01:55:35PM +0200, Salvatore Bonaccorso wrote:
> > Hi Roberto,
> > 
> > On Mon, Jun 15, 2020 at 04:05:15PM -0400, Roberto C. Sánchez wrote:
> > > On Mon, Jun 15, 2020 at 08:28:14PM +0100, Adam D. Barratt wrote:
> > > > Control: tags -1 -moreinfo + confirmed
> > > > 
> > > > On Thu, 2018-11-01 at 21:07 -0400, Roberto C.Sánchez wrote:
> > > > > On Thu, Nov 01, 2018 at 06:50:53PM +0000, Adam D. Barratt wrote:
> > > > > > Control: tags -1 + moreinfo
> > > > > > 
> > > > > > On Wed, 2018-10-31 at 23:25 -0400, Roberto C. Sanchez wrote:
> > > > > > > I have prepared an update for exiv2 in jessie (0.24-4.1+deb8u2)
> > > > > > > related to CVE-2018-16336 and also including a minor fix to the
> > > > > > > previous patch for CVE-2018-10958 and CVE-2018-10999.
> > > > > > 
> > > > > > The Security Tracker indicates that CVE-2018-16336 is as-yet
> > > > > > unfixed in unstable; is that correct?
> > > > > > 
> > > > > Hi Adam,
> > > > > 
> > > > > That is correct.  I completely overlooked it.  I will check with the
> > > > > maintainers about their plans for unstable.
> > > > > 
> > > > 
> > > > It looks like that eventually happened, early this year(!).
> > > > 
> > > > If this is still something that you're interested in fixing for
> > > > stretch, please go ahead.
> > > > 
> > > The work has already been done, so I will go ahead with an upload
> > > shortly.
> > 
> > Given the target fix now for 9.13, can you as well do a corresponding
> > buster update to avoid a regression from updates from stretch to
> > buster?
> > 
> The upstream version for exiv2 is the same in buster and stretch, so I
> think it should be a trivial update.  I will upload exiv2 0.25-4+deb10u1
> targeted at suite "buster" within the next 24 hours.

To have a buster-pu bug as well, cloning this one accordingly, and
hope I got all metadata correct.

Regards,
Salvatore

