[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy

[Seth Arnold]

Hello Luís, 4.5MB feels pretty unlikely for a security fix; the diffstat
on that debdiff is all over the place:

$ diffstat spip_focal.debdiff 
 
/tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio-ogg.swf
      |binary
 
/tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio.swf
          |binary
 
/tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-hls.swf
      |binary
 
/tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-mdash.swf
    |binary
 
/tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video.swf
          |binary
 spip-3.2.15/.gitignore                                                         
                |  129 
 spip-3.2.15/CHANGELOG.TXT                                                      
                |  318 +
 spip-3.2.15/config/ecran_securite.php                                          
                |   23 
...

Normally security fixes add patches to debian/patches/ directory, modify
a debian/patches/series file, modifies the debian/changelog. It's very
rare to modify files outside of this hierarchy (except for 'native
packages', but those don't typically have version numbers this complex).

Could you double-check that you've prepared the patches that you thought
you prepared?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971185

Title:
  Multiple vulnerabilities in Bionic, Focal, Impish and Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs