On Mon, 18 May 2015, Vincent Fourmond wrote: > Attached is a diff from squeeze5 to the proposed squeeze6. It builds > fine now (including upstream test suite), but at the moment, I am > unable to check whether the security bugs supposedly fixed in the > release are fixed, if only because there are no publicly available > badly form input that would trigger the bug. I'll try to see what I > can do about that.
It's not such a big deal if there are no files to trigger the various bugs. It's obviously better to be able to ensure that the issues are fixed, but what's even more important is to ensure that the tools still work as expected. Given the test suite and some basic testing, I suggest that you go ahead and upload the package (and release the DLA). > You'll find that some of the patches currently in LTS have been > renamed and slightly tweaked, but nothing has changed besides patch > name and meta-data: A small detail I noticed: > --- > imagemagick-6.6.0.4/debian/patches/0001-Description-Do-not-read-configure-files-in-the-curre.patch > 2014-04-04 17:02:24.000000000 +0200 > +++ > imagemagick-6.6.0.4/debian/patches/0001-Description-Do-not-read-configure-files-in-the-curre.patch > 2015-05-16 02:00:33.000000000 +0200 > @@ -2,15 +2,13 @@ > From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bast...@gmail.com> > Date: Wed, 25 Apr 2012 14:47:16 +0200 > Subject: [PATCH] Description: Do not read configure files in the current > - directory for the "installed" version of ImageMagick. > - Patch pulled from upstream svn > - https://www.imagemagick.org/subversion/ImageMagick/trunk > - revision 3022. Author: Cristy <quetzlzacatenango@image...> > - Bug-Debian: http://bugs.debian.org/601824 Origin: upstream > - Last-Update: 2010-11-06 > + directory for the "installed" version of ImageMagick. Patch pulled from > + upstream svn https://www.imagemagick.org/subversion/ImageMagick/trunk > + revision 3022. Author: Cristy <quetzlzacatenango@image...> Bug-Debian: > + http://bugs.debian.org/601824 Origin: upstream Last-Update: 2010-11-06 The DEP-3 meta-data is just scrambled here... otherwise the rest looked good. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150527095718.ga1...@home.ouaza.com
