Hi Joseph,
just a few comments on your changelog:
- there is a typo in the line about standards to 4.2.1 ('standrads')
- closing @91382 should also indicate the CVE reference (with a short
title for the CVE)
Here is a proposition:
diff --git a/debian/changelog b/debian/changelog
index f98df52..765b7a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
asciidoctor (1.5.8-1) unstable; urgency=medium
- * New upstream version 1.5.8 (Closes: #913892)
+ * New upstream version 1.5.8
+ + CVE-2018-18385: fix infinite loop in Parser#next_block (Closes: #913892)
* Refresh patches for new version
* Fix Timezone tests when SOURCE_DATE_EPOCH is set.
- * d/control: bump standrards to 4.2.1
+ * d/control: bump standards to 4.2.1
* d/control: ruby-thread-safe has been dropped from upstream
in favor of ruby-concurrent
* d/control: add dependency version from ruby-asciidoctor to the ruby pkg
I don't have time and energy tonight to wait for all reverse
build/dependency to build. But if you agree we my proposition (or make a
new one), I am willing to upload the package tomorrow (wednesday) morning (UTC).
BTW, thanks for making me discover debhelper-compat! Maybe we should use
it globally in gem2deb?
Cheers,
Cédric
Attachment:
signature.asc
Description: PGP signature