Bug#1104154: bookworm-pu: package fig2dev/1:3.2.8b-3+deb12u2
Hi Roland,
On Sat, May 10, 2025 at 02:50:42PM +0200, Salvatore Bonaccorso wrote:
> Hi Roland,
>
> On Mon, May 05, 2025 at 08:15:42PM +0200, Roland Rosenfeld wrote:
> > Hi Salvatore!
> >
> > On Wed, 30 Apr 2025, Salvatore Bonaccorso wrote:
> >
> > > FWIW, the CVEs have been rejected in meanwhile as there is no real
> > > security impact. I think still it is worth you might upload your
> > > package for the upcoming point release, but please drop the CVE id
> > > mentionings.
> >
> > Okay, I renamed the patches to their names from sid/trixie and removed
> > the CVE references from the patches and from debian/changelog.
> >
> > An updated debdiff is attached.
> > The updated salsa pipeline is at
> > https://salsa.debian.org/debian/fig2dev/-/pipelines/861650
> >
> > Everything else didn't change since the initial bugreport.
> > A diff against the initial bug report can be found in
> > https://salsa.debian.org/debian/fig2dev/-/commit/792b63860a7e4bdc6199da9e049cc617512c44b9
>
> Thanks a lot. AFAICS you did not got an ack yet from release team, but
> if you are confident that it will be accepted as it is, you can take
> advantage of the improved workflow and upload as well the package
> already. I'm mentioning that since the window for uploading fixes for
> the next point release will close this weekend.
To late for the next point release, but we can do the next one :)
FWIW, just from today the CVEs got assigned back after they got
dropped. I restored the tracking from security-tracker point of view
as:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7302ddf264401a63ade31814877256fe6a21861
Regards,
Salvatore
Reply to: