Hi Adam,
On Sat, Dec 31, 2016 at 04:58:46PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Fri, 2016-12-30 at 07:52 +0100, Salvatore Bonaccorso wrote:
> > src:cairo in jessie is affected by CVE-2016-9082 which would not
> > warrant a DSA. A while back in october the issue was already fixed in
> > unstable, cf. #842289. I would like to propose the attached debdiff
> > for the upcoming point release.
>
> Please go ahead.
Thanks uploaded.
> > Note: in the 1.14.0-2.1 -> 1.14.0-2.1+deb8u1 the binary package
> > binary-cairo-perf-utils got one more binary added
> > (/usr/bin/cairo-perf-graph-files). Whit this update that goes back to
> > the 1.14.0-2.1 situation.
>
> Do we know why that happened?
I do not know. Cc'ing Moritz. But I guess the build environment might
have had an addtional package installed. Because it is not the case
for the binary packages built by the buildd's, e.g. i386:
$ debdiff cairo-perf-utils_1.14.0-2.1_i386.deb
cairo-perf-utils_1.14.0-2.1+deb8u1_i386.deb
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
------------------------------------------------
Version: [-1.14.0-2.1-] {+1.14.0-2.1+deb8u1+}
Regards,
Salvatore
