Hi Adam, On Thu, Sep 28, 2017 at 06:43:59AM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2017-09-28 at 05:02 +0200, Salvatore Bonaccorso wrote: > > weechat in stretch is affected by CVE-2017-14727, tracked as #876553. > > > > > * logger: call strftime before replacing buffer local variables > > > (CVE-2017-14727) (Closes: #876553) > > > > https://weechat.org/news/98/20170923-Version-1.9.1-security-release/ > > > > Attached proposed debdiff for the stretch point release. > > > > There's quite a bit of noise in such a small diff. :-( I appreciate > why, though.
Yes I can understand, you are a bit unahppy with me with that regard. I followed upstream, which renamed several of the mask_* pointers and added a new one for one more operation and shuffled around. I prefered to rather follow upstream here, hope I can convince you. or did you mean something else? > Please go ahead. Done, despite maybe the above raises questions. In case of such, feel free to reject the upload and we can do a turnaround. Salvatore