tags 818615 -moreinfo thanks On Tue, Mar 22, 2016 at 07:56:40PM +0000, Adam D. Barratt wrote: > On Fri, 2016-03-18 at 20:58 +0100, Salvatore Bonaccorso wrote: > > HI Adam, > > > > Not Moritz here but can answer the question as well: > > > > On Fri, Mar 18, 2016 at 07:22:34PM +0000, Adam D. Barratt wrote: > > > Control: tags -1 + moreinfo > > > > > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote: > > > > I'd like to fix a security issue in GTK, which doesn't really warrant > > > > a DSA. Debdiff below, I've been running this on my jessie > > > > workstation for a day now. > > > > > > > > Cheers, > > > > Moritz > > > > > > > > diff -Nru gtk+2.0-2.24.25/debian/changelog > > > > gtk+2.0-2.24.25/debian/changelog > > > > --- gtk+2.0-2.24.25/debian/changelog 2015-03-03 19:39:59.000000000 > > > > +0100 > > > > +++ gtk+2.0-2.24.25/debian/changelog 2016-03-17 23:20:16.000000000 > > > > +0100 > > > > @@ -1,3 +1,9 @@ > > > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium > > > > + > > > > + * CVE-2013-7447 (Closes: #799275) > > > > > > The Security Tracker suggests that this isn't fixed in the version of > > > gtk+2.0 in unstable; is that correct? > > > > Yes it is as well unfixed there. I just have proposed a NMU in > > https://bugs.debian.org/799275#39 > > Thanks for that. > > If we don't notice, please feel free to remove the "moreinfo" tag once > the NMU reaches unstable.
This is now in unstable: https://packages.qa.debian.org/g/gtk+2.0/news/20160323T215045Z.html Cheers, Moritz
