On Sat, Apr 27, 2013 at 10:31 AM, Adam D. Barratt <[email protected]> wrote:

> On Sat, 2013-04-27 at 09:12 +0200, Vincent Bernat wrote:
> > ❦ 27 April 2013 09:01 CEST, "Thijs Kinkhorst" <[email protected]> :
> >
> > >> Wheezy contains my package jquery-jplayer 2.1.0-1, which is affected by a
> > >> few security issues which have been recently fixed upstream. One of the
> > >> issues is CVE-2013-1942. Two other issues, although important, did not get
> > >> a CVE number.
> [...]
> > > * Convert to source format 3.0 (quilt) to apply the patches that carry the
> > > fixes
> [...]
> > Not in the release team either but I disagree that switching to 3.0
> > (quilt) is an unacceptable change. This is far more simple than adding a
> > patch system in debian/rules and better practice than putting those
> > changes in diff.gz.
>
> Adding a patch system at this stage isn't really appropriate either, I'm
> afraid. One middle ground that's been used in some other packages is to
> apply the patch directly but also add a copy of the patch to the source
> package (possibly in an otherwise unused debian/patches directory).

I have done that. New debdiff attached.

--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
jquery-jplayer_2.1.0-1_to_2.1.0-2.debdiff
Description: Binary data

