rules for regression updates in DLAs (was Re: [SECURITY] [DLA 1865-1] sdl-image1.2 security update)

2019-07-29 Thread Holger Levsen
On Sun, Jul 28, 2019 at 02:06:16AM +0100, Ben Hutchings wrote: > I don't think it's explicitly documented; I inferred it from these > rules: > > 1. Corrections should be sent to the same recipients as the original > incorrect information. > 2. All messages sent to debian-lts-announce about

Re: [SECURITY] [DLA 1865-1] sdl-image1.2 security update

2019-07-27 Thread Hugo Lefeuvre
> I don't think it's explicitly documented; I inferred it from these > rules: > > 1. Corrections should be sent to the same recipients as the original > incorrect information. > 2. All messages sent to debian-lts-announce about package updates > should be numbered DLAs. > 3. DLAs that are related

Re: [SECURITY] [DLA 1865-1] sdl-image1.2 security update

2019-07-27 Thread Ben Hutchings
On Sat, 2019-07-27 at 18:30 -0300, Hugo Lefeuvre wrote: > Hi Ben, > > > > > For Debian 8 "Jessie", these problems have been fixed in version > > > > 1.2.12-5+deb9u2. > > > > > > Typo: version number is 1.2.12-5+deb8u2, not 1.2.12-5+deb9u2. > > > > The proper way to make such a correction is to

Re: [SECURITY] [DLA 1865-1] sdl-image1.2 security update

2019-07-27 Thread Hugo Lefeuvre
Hi Ben, > > > For Debian 8 "Jessie", these problems have been fixed in version > > > 1.2.12-5+deb9u2. > > > > Typo: version number is 1.2.12-5+deb8u2, not 1.2.12-5+deb9u2. > > The proper way to make such a correction is to issue a -2 advisory with > the correct information and a note about what

Re: [SECURITY] [DLA 1865-1] sdl-image1.2 security update

2019-07-27 Thread Ben Hutchings
On Sat, 2019-07-27 at 16:04 -0300, Hugo Lefeuvre wrote: > On Sat, Jul 27, 2019 at 03:30:14PM -0300, Hugo Lefeuvre wrote: > > Package: sdl-image1.2 > > Version: 1.2.12-5+deb9u2 > > CVE ID : CVE-2018-3977 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635 > >

Re: [SECURITY] [DLA 1865-1] sdl-image1.2 security update

2019-07-27 Thread Hugo Lefeuvre
On Sat, Jul 27, 2019 at 03:30:14PM -0300, Hugo Lefeuvre wrote: > Package: sdl-image1.2 > Version: 1.2.12-5+deb9u2 > CVE ID : CVE-2018-3977 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635 > CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 >