On 4/4/19 3:38 PM, Moritz Mühlenhoff wrote: > On Tue, Apr 02, 2019 at 10:40:44PM -0400, Reinhard Tartler wrote: >> Ah, that's great news. I didn't realize that Moritz backported the >> security fixes to an earlier upstream version. I managed to locate the >> git commits but wasn't comfortable with backporting them to version 0.5.2, >> not all of them applied cleanly and I lacked the confidence to resolve >> the conflicts. >> >> Thanks Moritz for taking care of this! > > Yeah, I sent a mail to debian-multimedia@ldo about this, but seems to have > fallen through the cracks: > https://lists.debian.org/debian-multimedia/2019/03/msg00081.html
That's entirely possible, I must have overlooked that email. My apologies. > BTW, I also prepared an MR on salsa for the remaining open security issues > in src:audiofile, it would be great if anyone in the debian multimedia > team could merge and upload: > https://salsa.debian.org/multimedia-team/audiofile/merge_requests/1 Seems Sebastian already took care of this and the upload last Friday. :-) >> Given we do have those RC bugs fixed with more targeted patches, I >> no longer see the urgency to get 0.7.1 into unstable. Would you agree >> with having 0.7.1 in experimental instead? If so, I'd upload it as >> 0.7.1-2 to experimental. > > experimental should be fine, as it's totally to the freeze process. Uploaded 0.7.1-2 to experimental, which is (again) in NEW. Thorsten, let me know if there are any issues with that upload. Cheers, -rt
signature.asc
Description: OpenPGP digital signature
