Package: release.debian.org Severity: normal Tags: wheezy User: release.debian....@packages.debian.org Usertags: pu
Hi, catfish currently has 4 unfixed CVE bugs that affect the version in wheezy. All of them were deemed to be minor issues (no DSA) according to the security tracker, so I'd like to fix them via an upload to stable instead. Debdiff is attached below. Jackson: I'll leave it to you to file a bug requesting an upload to squeeze, just so you know how to handle bugs like this in the future. Ping me for an upload when approved by the release team. diff -u catfish-0.3.2/debian/changelog catfish-0.3.2/debian/changelog --- catfish-0.3.2/debian/changelog +++ catfish-0.3.2/debian/changelog @@ -1,3 +1,10 @@ +catfish (0.3.2-2+deb7u1) stable; urgency=medium + + * Add 50Fix_cve.dpatch. Closes: #739958 + - CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 + + -- Jackson Doak <nosk...@ubuntu.com> Sat, 01 Mar 2014 08:05:44 +1100 + catfish (0.3.2-2) unstable; urgency=low * Team upload. diff -u catfish-0.3.2/debian/patches/00list catfish-0.3.2/debian/patches/00list --- catfish-0.3.2/debian/patches/00list +++ catfish-0.3.2/debian/patches/00list @@ -4,0 +5 @@ +50Fix_cve.dpatch \ No newline at end of file only in patch2: unchanged: --- catfish-0.3.2.orig/debian/patches/50Fix_cve.dpatch +++ catfish-0.3.2/debian/patches/50Fix_cve.dpatch @@ -0,0 +1,22 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' catfish-0.3.2~/catfish.py catfish-0.3.2/catfish.py +--- a/catfish.in 2013-02-13 02:45:27 +0000 ++++ b/catfish.in 2014-02-28 04:26:26 +0000 +@@ -1,14 +1,2 @@ + #!/usr/bin/env bash +- +-APPNAME=catfish +- +-if [ -e $APPNAME.pyc ] +- then python $APPNAME.pyc "$@" +- else +- if [ -e $APPNAME.py ] +- then python $APPNAME.py "$@" +- else +- cd %prefix%/share/$APPNAME +- python $APPNAME.pyc "$@" +- fi +- fi ++%python% %prefix%/share/catfish/bin/catfish.py "$@" Regards, Vincent -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-5-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140322081703.23306.59591.reportbug@vincent-tlaptop
