Bug#942575: buster-pu: package openjpeg2/2.3.0-2+deb10u1

Hi, On Fri, Nov 08, 2019 at 09:56:53PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Fri, 2019-10-18 at 13:23 +0200, Hugo Lefeuvre wrote: > > as discussed in #939553[0], no DSA will be issued by the security > > team for CVE-2018-21010 and this vulne

Bug#942575: buster-pu: package openjpeg2/2.3.0-2+deb10u1

addresses this issue, along with CVE-2018-20847. This is almost the same debdiff as #942024[1] (for stretch-pu). thanks! cheers, Hugo [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939553 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942024 -- Hugo Lefeuvre (hle

Bug#942024: stretch-pu: package openjpeg2/2.1.2-1.1+deb9u4

Hi, > I think that second occurrence of 2018-21010 might be incorrect. :-) right, same typo twice. I meant CVE-2016-9112 of course :) > Please go ahead. uploaded, thanks! -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A24

Bug#942024: stretch-pu: package openjpeg2/2.1.2-1.1+deb9u4

://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939553 -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.1.2/debian/changelog

Bug#936051: stretch-pu: package sdl-image1.2/1.2.12-5+deb9u2

Small update: I forgot to close the bug report (#932755) and did not mention CVE-2019-5058 in debian/changelog. You can find an updated debdiff in attachment. cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD

Bug#936056: buster-pu: package sdl-image1.2/1.2.12-10+deb10u1

at the same time, but for a number of reasons sdl-image1.2 was delayed) This is essentially the same update as 1.2.12-5+deb9u2, see #936051. thanks! cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_

Bug#936051: stretch-pu: package sdl-image1.2/1.2.12-5+deb9u2

of reasons sdl-image1.2 was delayed) thanks! cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C diff -Nru sdl-image1.2-1.2.12/debian/changelog sdl

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

er now :) regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C diff -Nru libsdl2-image-2.0.4+dfsg1/debian/changelog libsdl2-image-2.0.4+dfsg1/debian/changelog --- libsdl2-

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

atch which addresses the remaining issue in IMG_xcf.c. cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

ttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755 -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature

Bug#933218: stretch-pu: package libsdl2-image/2.0.1+dfsg-2+deb9u2

-- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C diff -Nru libsdl2-image-2.0.1+dfsg/debian/changelog libsdl2-image-2.0.1+dfsg/debian/changelog --- libsdl2-image-2.0.1+dfsg/debian/changelog

Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1

) Attached is a debdiff addressing all of them for buster. All of these patches are from upstream, I have removed whitespace changes and non security related refactoring. thanks! cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA

Bug#928306: unblock: liblivemedia/2018.11.26-1.1

x27;t need to ask pre-approval for them, you can include them in the > upload to unstable and send an updated debdiff. Diff just landed in unstable. thanks! cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed2

Bug#928306: unblock: liblivemedia/2018.11.26-1.1

ag from this bug once the > package is in unstable. If you want to add targeted fixes for the two other > CVEs, you don't need to ask pre-approval for them, you can include them in the > upload to unstable and send an updated debdiff. Great, will do! Thanks for your work. cheers, Hugo

Bug#928306: unblock: liblivemedia/2018.11.26-1.1

://security-tracker.debian.org/tracker/CVE-2019-9215 [1] https://security-tracker.debian.org/tracker/CVE-2019-7314 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924655 unblock liblivemedia/2018.11.26-1.1 -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27

Bug#901276: jessie-pu: package lame/3.99.5+repack1-7+deb8u2

> +lame (3.99.5+repack1-7+deb8u2) oldstable; urgency=high > > Please use "jessie" as the distribution there, and feel free to upload. Done. I hope it's not too late, sorry for the delay ! Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/

Bug#901276: jessie-pu: package lame/3.99.5+repack1-7+deb8u2

00081.html -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA diff -Nru lame-3.99.5+repack1/debian/changelog lame-3.99.5+repack1/debian/changelog --- lame-3.99.5+repack1/debian/changelog 2015-06-15 09:05:28.0 -0400 +++ lame-3.99

Bug#793117: jessie-pu: package python-memcache/1.53+2014.06.08.git.918e88c496-1+deb8u1

Jessie. The easiest solution is to make python-memcache stops building python3-memcache in Jessie. This can be done with the attached fix. The diff against 1.53+2014.06.08.git.918e88c496-1+deb8u1 is attached. Best Regards, Hugo [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788561 --