On Sun, 7 Feb 2010 19:19:37 +0100 Nico Golde wrote:

> Hey,
> * Michael Gilbert [2010-02-07 18:22]:
> > I have prepared an updated package for xpdf that fixes quite a few
> > security issues (and a couple cosmetic ones as well).  The package is
> > available at [0].  Note that I've built updated etch and lenny packages
> > there as well, for which I am getting sponsorship from the security team.
> > They can be ignored.
> > 
> > Would anyone be willing to sponsor this upload?
> 
> Please split the security patches into separate files for each CVE ID.
> Otherwise it's impossible to check whether you fixed all of them or not.

Hi,

If the upstream patch is split up, I think it will actually make it a
lot more difficult to verify my work.  The upstream patch [0], [1]
lumps all of these CVEs into one file. Note that reference [1] is linked
from all of the MITRE CVE pages as the patch for all of these issues.

If splitting up the upstream patch is the right thing to do, then I
will certainly do that, but it seems a bit like busy work, and I think
it actually makes your work harder.  Please advise.

Thanks,
Mike

[0] http://www.foolabs.com/xpdf/download.html
[1] ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

