Hi Mathieu, On Mon, Sep 25, 2017 at 10:12:31AM +0200, Mathieu Malaterre wrote: > Control: tags -1 pending > > Hi Salvatore, > > On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso <car...@debian.org> > wrote: > > Source: openjpeg2 > > Version: 2.2.0-1 > > Severity: normal > > > > Hi Mathieu, > > > > There was an update for openjpeg2 not incorporating the NMU changelog > > for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating > > those again (and double check no change was lost, I guess not that all > > should in meanwhile be included in 2.2.0, but for #851422 I'm unsure > > if it was fully covered, see the respective upstream issues which only > > partially landed in 2.2.0). > > > > Specifically there were some CVEs addressed, which are hopefully still > > fixed in 2.2.0-1, the FTBFS definitively seems so. > > > > ----cut---------cut---------cut---------cut---------cut---------cut----- > > diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog > > --- openjpeg2-2.1.2/debian/changelog 2017-08-12 15:54:38.000000000 +0200 > > +++ openjpeg2-2.2.0/debian/changelog 2017-09-22 21:51:36.000000000 +0200 
> > @@ -1,26 +1,13 @@ > > -openjpeg2 (2.1.2-1.3) unstable; urgency=medium > > +openjpeg2 (2.2.0-1) unstable; urgency=medium > > > > - * Fix FTFBS (Closes: #871905) > > + * New upstream release. Closes: #872041 > > + * Fix CVE-2016-9113. Closes: #844552 > > + * Fix CVE-2016-9114. Closes: #844553 > > + * Fix CVE-2016-9115. Closes: #844554 > > + * Fix CVE-2016-9116. Closes: #844555 > > + * Fix CVE-2016-9117. Closes: #844556 > > > > - -- Moritz Muehlenhoff <j...@debian.org> Sat, 12 Aug 2017 15:54:38 +0200 > > - > > -openjpeg2 (2.1.2-1.2) unstable; urgency=medium > > - > > - * Non-maintainer upload > > - * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and > > - CVE-2016-9118.patch > > - > > - -- Moritz Muehlenhoff <j...@debian.org> Fri, 11 Aug 2017 22:17:07 +0200 > > - > > -openjpeg2 (2.1.2-1.1) unstable; urgency=medium > > - > > - * Non-maintainer upload. > > - * Add CVE-2016-9572_CVE-2016-9573.patch patch. > > - CVE-2016-9572: NULL pointer dereference in input decoding > > - CVE-2016-9573: Heap out-of-bounds read due to insufficient check in > > - imagetopnm(). (Closes: #851422) > > - > > - -- Salvatore Bonaccorso <car...@debian.org> Sun, 22 Jan 2017 14:18:13 > > +0100 > > + -- Mathieu Malaterre <ma...@debian.org> Fri, 22 Sep 2017 21:51:36 +0200 > > > > openjpeg2 (2.1.2-1) unstable; urgency=medium > > ----cut---------cut---------cut---------cut---------cut---------cut----- > > > > Thanks for your time, double-checking and working on openjpeg2! > > Wow ! That was bad :( Thanks for catching my mistake.
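Review bot: the new 2.2.0-1 stanza replaces the 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3 stanzas instead of being stacked above them, so debian/changelog loses the record of the NMU fixes (CVE-2016-9572 and CVE-2016-9573 with Closes: #851422, the CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and CVE-2016-9118 patch, and the FTBFS fix closing #871905). Restore the three removed stanzas unchanged between the 2.2.0-1 entry and the 2.1.2-1 entry so the fix history stays auditable. The added lines "Fix CVE-2016-9113. Closes: #844552" through "Fix CVE-2016-9117. Closes: #844556" name no patch or upstream commit; since a Closes: entry closes the bug on upload, each should be checked against what actually landed in 2.2.0 and dropped from the entry where the fix is not confirmed.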
Thanks a lot for looking that quickly into this! And thanks for reopening the bugs regarding the 2.2.0-1 stanza, which are still under investigation/not yet fixed. Regards, Salvatore