On 27.01.2016 23:26, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2016-01-27 at 15:49 +0100, Daniel Stender wrote: >> The new package fixes #812577 [0]: the patch no-predictable-tmpfiles.patch >> including in 0.6.3-1.2+deb7u1 fixed CVE-2015-7758 successfully, but has the >> flaw that temporary include paths for images etc. in the tex documents >> couldn't be used, but must be absolute (because a workfile [.tex.swp] in the >> project path is missing). >> >> In the meanwhile upstream released a fix for CVE-2015-7758 which elegantly >> uses a XDG cache dir for the temprary files to solve the problem [1]. > > Does this also affect the Jessie package? > > [...] >> Please see the attached diff for changes between deb7u1 and deb7u2. I've >> build >> against Oldstable with Sbuild [2]. 0.6.3-1.2+deb7u1 is currently pending >> [3], I would >> guess it just could be replaced in the pending state? > > Yes. In this context, "pending" means "in {,o-}p-u, waiting to form part > of a point release" so updated revisions aren't an issue (although, in > fairness, the old revision is then no longer actually in p-u; its > contents are in practice though). > > Regards, > > Adam
Hi Adam, thanks for the quick reply. Yes, that bug also affects the Jessie package. I'll create a deb8u2 soon. O.k., good. Thus I'll upload then now. Daniel -- 4096R/DF5182C8 46CB 1CA8 9EA3 B743 7676 1DB9 15E0 9AF4 DF51 82C8 LPI certified Linux admin (LPI000329859 64mz6f7kt4) http://www.danielstender.com/blog/