Bug#1109084: New debdiff
On Thu, 2025-08-28 at 18:25 +0100, Adam D. Barratt wrote:
> Mentioning 2.4.64 is fine. However, this package *also* includes
> changes from 2.4.65, which is not mentioned. It also claims that the
> CVE fix that was the reason for 2.4.65 being released was already
> part of 2.4.64.
>
> So e.g.
>
> + * New upstream version 2.4.64
> + (Closes: CVE-2025-23048, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394,
> + CVE-2024-47252, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020)
> + * New upstream version 2.4.65
> + (Closes: CVE-2025-54090)
>
> would seem more accurate.

I've marked the existing upload for rejection. Once that happens,
please feel free to re-upload with a changelog that's more clearly
divided between the changes in 2.4.64 and .65, e.g. as above.

Regards,

Adam