Control: tags -1 + pending On Sun, 2015-06-21 at 21:38 +0200, Salvatore Bonaccorso wrote: > Hi Hubert, hi Adam, > > On Sun, Jun 21, 2015 at 03:07:53PM -0400, Hubert Chathi wrote: > > On Sat, 20 Jun 2015 20:27:22 +0100, "Adam D. Barratt" > > <a...@adam-barratt.org.uk> said: > > > > > On Wed, 2015-06-03 at 23:08 -0400, Hubert Chathi wrote: > > >> I have fixed the security issue below for ufraw. The security team > > >> has marked the issue as no-dsa, but has suggested that it be fixed > > >> via jessie-pu. > > >> > > >> Here is an interdiff between the current jessie version and the > > >> updated version: > > > [...] > > >> -ufraw (0.20-2+deb8u1) jessie-security; urgency=high > > >> - > > >> - * dcraw.cc: Apply patch from > > >> - https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to > > >> - prevent buffer overflow in ljpeg_start (Closes: #786783, > > >> CVE-2015-3885) > > > > > That diff is reversed. Assuming that the actual package matches the > > > diff the right way around, please change the changelog distribution to > > > "jessie" rather than "jessie-security" and go ahead. > > > > Yes, you're right, I accidentally reversed the diff. > > > > Salvatore has said that he would do the upload for me, since my 1024D > > key hasn't been properly replaced yet, so Salvatore, please go ahead > > with the upload with the change requested ("jessie" rather than > > "jessie-security"). > > Done!
Flagged for acceptance; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1435087704.2236.12.ca...@adam-barratt.org.uk
