On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote: > I have fixed the security issue below for ufraw. The security team has > marked the issue as no-dsa, but has suggested that it be fixed via > jessie-pu. > > Here is an interdiff between the current jessie version and the updated > version: [...] > -ufraw (0.20-2+deb8u1) jessie-security; urgency=high > - > - * dcraw.cc: Apply patch from > - https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to > - prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
That diff is reversed. Assuming that the actual package matches the diff the right way around, please change the changelog distribution to "jessie" rather than "jessie-security" and go ahead. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1434828442.2166.14.ca...@adam-barratt.org.uk
