On Wed, Jul 18, 2018 at 05:13:22PM +0530, Abhijith PA wrote: > Hi. > > > I've prepared security update for ant. Please review and upload. > Debdiff is attached. Maintainer has disabled tests in build. So I > manually run /testEntriesDontEscapeDestByDefault/, > /testEntriesCanEscapeDestIfRequested/ (specific to CVE-2018-10886) > tasks from [1] upstream testsuite. I will prepare the DLA once package > hit the archive. > > Hi Abhijith,
A few notes: - Your debian/changelog entry has trailing whitespace, which should be removed - You additionally need this commit for a minor documentation/typo fix: https://github.com/apache/ant/commit/19910e518a669c8cc4d9b74c9ab11471c18cb634 - In the documentation changes you modified upstream's "since 1.9.12" to "since 1.9.4-3+deb8u1", which is good, but you left it as 1.9.12 in once place; all instances should be changed, I think (note that the additional commit I mentioned above contains another instance of the version number that needs to be changed) - You mention running the testEntriesDontEscapeDestByDefault and testEntriesCanEscapeDestIfRequested tests, but do not mention the testEntriesCanEscapeDestViaAbsolutePathByDefault and testEntriesDontEscapeDestViaAbsolutePathIfProhibited tests; can you run the other two and confirm that they also pass? If you can make these corrections and confirm the additional tests, your changes will be ready to upload. Regards, -Roberto -- Roberto C. Sánchez
