Hi Mike,

On Mon, 25 May 2020 at 14:21, Hugh McMaster wrote:
>
> On Mon, 25 May 2020 at 00:55, Adam D. Barratt wrote:
>>
>> Personally, it probably makes more sense for the new stretch version to
>> be +deb9u3, built on top of the already uploaded package (and similar
>> for buster) with a second release.d.o bug describing the new fixes.
>>
>> You /can/ re-use the version if that would be preferable, as the
>> package is still in (old)stable-new right now, but that will require a
>> reject+reupload cycle, and presumably corresponding re-tag on the git
>> side.
>
> Good to know, but by the sound of things, incrementing is going to be cleaner
> and quicker.

I've prepared debdiffs for Jessie (0.6.21-2+deb9u3), Stretch (0.6.21-2+deb9u3) and Buster (0.6.21-5.1+deb10u3) with fixes for the three new CVEs. If you have time, I'd appreciate your help in once again uploading and completing the relevant documentation.

Please note: I've replaced one of the CVE patches added to Jessie in the previous release because I included the wrong patch by mistake.

I'm following Adam's suggestion and incrementing the Debian package version. I will also submit bugs for Stretch and Buster.

Thanks,
Hugh

libexif_0.6.21-2+deb8u3.debdiff
Description: Binary data
libexif_0.6.21-2+deb9u3.debdiff
Description: Binary data
libexif_0.6.21-5.1+deb10u3.debdiff
Description: Binary data