Hi! On Fri, Nov 29, 2019 at 02:16:34PM +0100, Jörg Frings-Fürst wrote: > Package name : libonig > Version : 6.9.4-1
> Changes since the last upload: > > * Neu upstream release. > - Refresh symbols file and add Build-Depends-Package field. > - Remove upstream applied patches: > + 0105-CVE-2019-13224.patch > + 0110-CVE-2019-13225.patch > - Refresh debain/copyright. > - Fixes CVE-2019-19204: heap-buffer-overflow in fetch_interval_quantifier > due to double PFETCH (Closes: #945313). > - Fixes CVE-2019-19203: heap-buffer-overflow in gb18030_mbc_enc_len > (Closes: #945312). > - Fixes CVE-2019-19012: Out of bounds read in mbc_to_code() > (Closes: #944959). > - Fixes CVE-2019-16163: Stack Exhaustion Problem (Closes: #939988). > - Fixes CVE-2019-19246: heap-based buffer over-read in > str_lower_case_match. > * debian/watch:_Correct typo. > * Declare compliance with Debian Policy 4.4.1.1 (No changes needed). > * Switch to debhelper-compat: > - debian/control: change to debhelper-compat (=12) > - remove debian/compat > * debian/control: > - Add Rules-Requires-Root: binary-targets. Is there a reason for binary-targets? None of the binary packages ship any files with non-standard owner, and I don't see anything else that would require fakeroot. Also, I've tried building the package with R³: no, and it seems to build ok. Am I missing something? Meow! -- ⢀⣴⠾⠻⢶⣦⠀ A MAP07 (Dead Simple) raspberry tincture recipe: 0.5l 95% alcohol, ⣾⠁⢠⠒⠀⣿⡁ 1kg raspberries, 0.4kg sugar; put into a big jar for 1 month. ⢿⡄⠘⠷⠚⠋⠀ Filter out and throw away the fruits (can dump them into a cake, ⠈⠳⣄⠀⠀⠀⠀ etc), let the drink age at least 3-6 months.
