Salvatore Bonaccorso <car...@debian.org> writes: > Hi Felix,
hello Salvatore, > Sorry for the delay in getting back to you. > > On Fri, Apr 06, 2018 at 09:40:40PM +0200, Felix Natter wrote: >> hello Security Team, >> >> here are the CVE-2018-1000069 security updates for jessie and stretch: >> >> [jessie] >> https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=jessie-CVE-2018-1000069 >> (jessie-CVE-2018-1000069 branch) >> >> [stretch] >> https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=stretch-CVE-2018-1000069 >> (stretch-CVE-2018-1000069 branch) >> >> Both are tested: >> - builds >> - activation log message is seen >> - Save and Load XML works >> >> In what format would you like the "tested packages"? *.deb? >> >> Here is the corrsponding upstream commit: >> https://github.com/freeplane/freeplane/commit/a5dce7f9f >> >> The debdiffs are attached. > > Debdiffs looks good to me. I just have a question, for the > jessie-debdiff: In the ScriptingRegistration.java was the removal of > the import of org.freeplane.n3.nanoxml.XMLParserFactory not done on > purpose? Yes and no. On jessie the patch did not cleanly apply, so I would have had to apply that change manually. Since removing the import has no effect on the semantics of the program (as long as it still compiles), I was too lazy. It should be ok. > Other than that, when above question commented on, feel free to upload > to security-master (AFICS you will need a sponsor, but guess Markus > will cime in here as well). Remember that both needs to be build with > -sa. May I ask why the full source must be included? @Markus: Would you be so kind to take care of uploading? Cheers and Best Regards, -- Felix Natter debian/rules!