Control: tags -1 + pending

On Sun, 2017-09-24 at 09:16 +0200, Sven Joachim wrote:
> On 2017-09-23 19:59 +0100, Adam D. Barratt wrote:
>
> > Control: tags -1 -moreinfo +confirmed
> >
> > On Thu, 2017-09-07 at 19:06 +0200, Cyril Brulebois wrote:
> > > Sven Joachim <svenj...@gmx.de> (2017-09-06):
> > > > Meanwhile seven new CVEs in the tic library and programs have been
> > > > reported, and I would like to fix those as well, see the attached new
> > > > debdiff. It contains all the library changes from the 20170826 upstream
> > > > patchlevel and the program fixes of the 20170902 patchlevel. I have
> > > > also attached the test cases for the 13 bugs reported in the Red Hat
> > > > bugtracker.
> > > >
> > > > > > > I'd be okay with this, but it will need a kibi-ack due to the
> > > > > > > udeb.
> > > > > >
> > > > > > The changes do not touch the tinfo library which is all that
> > > > > > shipped in the udeb.
> > > > >
> > > > > To elaborate on that, ncurses/tinfo/{alloc,parse}_entry.c are compiled
> > > > > into the tic library while progs/dump_entry.c is for the infocmp
> > > > > and tic programs. Building 6.0+20161126-1 and 6.0+20161126-1+deb9u1
> > > > > in a stretch chroot produced identical libtinfo.so.5.9 files.
> > > >
> > > > This is unfortunately no longer the case, since strings.c and
> > > > trim_sgr0.c are compiled into the tinfo library. However, the changes
> > > > to these files are small.
> > >
> > > I have no straightforward way to double check things still run smoothly
> > > with stretch's d-i, so I'll follow whatever decision the release team
> > > makes; if regressions pop up, we'll figure out how to fix them.
> > >
> >
> > Let's go with it and keep our fingers crossed that any issues show up
> > quickly.
>
> Thanks, uploaded.
>

Flagged for acceptance, thanks.

Regards,

Adam