Hi Hubert, hi Adam, On Sun, Jun 21, 2015 at 03:07:53PM -0400, Hubert Chathi wrote: > On Sat, 20 Jun 2015 20:27:22 +0100, "Adam D. Barratt" > <a...@adam-barratt.org.uk> said: > > > On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote: > >> I have fixed the security issue below for ufraw. The security team > >> has marked the issue as no-dsa, but has suggested that it be fixed > >> via jessie-pu. > >> > >> Here is an interdiff between the current jessie version and the > >> updated version: > > [...] > >> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high > >> - > >> - * dcraw.cc: Apply patch from > >> - https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to > >> - prevent buffer overflow in ljpeg_start (Closes: #786783, > >> CVE-2015-3885) > > > That diff is reversed. Assuming that the actual package matches the > > diff the right way around, please change the changelog distribution to > > "jessie" rather than "jessie-security" and go ahead. > > Yes, you're right, I accidentally reversed the diff. > > Salvatore has said that he would do the upload for me, since my 1024D > key hasn't been properly replaced yet, so Salvatore, please go ahead > with the upload with the change requested ("jessie" rather than > "jessie-security").
Done! Regards, Salvatore -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150621193801.GA8845@eldamar.local
