Thanks for the updated patches - they look a lot better. Note, one thing we try and do is to add references to the patch files to indicate where they came from as per https://dep-team.pages.debian.net/deps/dep3/ - as an example see the update in http://launchpadlibrarian.net/596090586/subversion_1.14.1-3_1.14.1-3ubuntu0.1.diff.gz which shows these headers included in the new debian/patches/CVE-XXX.patch files which got added as part of that update.
Including these also makes it a lot easier for reviewers to ensure that the changes are 'official' and match what the upstream.

Also the debian/changelog entry is a bit terse compared to what we normally would do - as an example please see step 3 at https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

However, in this case as you have already put a lot of work into these, I am happy to go with them as they are (although I am replacing the patches with the ones with dep-3 headers from the impish update linked above so we can keep as much attribution etc as possible). I will sponsor these later today/tomorrow.

Thanks again.

--
https://bugs.launchpad.net/bugs/1970228

Title:
  Multiple vulnerabilities in Bionic, Focal and Jammy
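A check for the DEP-3 headers discussed in the message above, as an added example that is not part of the original message or of any Ubuntu or Debian tooling. It reports patch files that lack the fields a reviewer uses to trace a change to its source. Assumptions: only the first header paragraph is parsed (a simplification of DEP-3), the function names are hypothetical, and the sample patches are constructed.

```python
import re

# Simplified DEP-3 check: only the first header paragraph is parsed.
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
ORIGIN_KEYWORDS = {"upstream", "backport", "vendor", "other"}

def parse_dep3(text):
    """Return the DEP-3 fields (lower-cased names) from a patch's first paragraph."""
    fields, last = {}, None
    for line in text.lstrip("\n").splitlines():
        # A blank line, a "---" line or the start of the diff ends the header.
        if not line.strip() or line.startswith(("---", "diff ", "Index: ")):
            break
        if line[0] in " \t" and last:      # continuation of the previous field
            fields[last] += "\n" + line.strip()
            continue
        m = FIELD.match(line)
        if not m:
            break
        last = m.group(1).lower()
        fields[last] = m.group(2)
    return fields

def check_dep3(text):
    """List the DEP-3 problems found in one patch file's text."""
    f, problems = parse_dep3(text), []
    if not (f.get("description") or f.get("subject")):
        problems.append("missing Description/Subject")
    if "origin" in f:
        # The category keyword before ", " is optional, but must be a known one.
        kw = re.match(r"([A-Za-z]+), ", f["origin"])
        if kw and kw.group(1).lower() not in ORIGIN_KEYWORDS:
            problems.append("unknown Origin keyword: " + kw.group(1))
    elif not (f.get("author") or f.get("from")):
        problems.append("missing Origin (required unless Author/From is given)")
    return problems

# Constructed samples; names and URLs are placeholders, not from the real update.
GOOD = ("Description: fix example issue\n"
        "Origin: upstream, https://example.invalid/commit/PLACEHOLDER\n"
        "Last-Update: 2022-01-01\n\n"
        "--- a/f.c\n+++ b/f.c\n@@ -1 +1 @@\n-old\n+new\n")
BARE = "--- a/f.c\n+++ b/f.c\n@@ -1 +1 @@\n-old\n+new\n"
TYPO = GOOD.replace("upstream,", "upstreem,")

if __name__ == "__main__":
    for name, patch in (("GOOD", GOOD), ("BARE", BARE), ("TYPO", TYPO)):
        print(name, check_dep3(patch) or "ok")
```

To use it on a source package, pass the text of each file under debian/patches/ to check_dep3 and treat a non-empty result as a review finding.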