Salvatore Bonaccorso <car...@debian.org> writes:

> Hi Felix,

hello Salvatore,

> Sorry for the delay in getting back to you.
>
> On Fri, Apr 06, 2018 at 09:40:40PM +0200, Felix Natter wrote:
>> hello Security Team,
>> 
>> here are the CVE-2018-1000069 security updates for jessie and stretch:
>> 
>> [jessie]
>> https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=jessie-CVE-2018-1000069
>> (jessie-CVE-2018-1000069 branch)
>> 
>> [stretch]
>> https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=stretch-CVE-2018-1000069
>> (stretch-CVE-2018-1000069 branch)
>> 
>> Both are tested:
>> - builds
>> - activation log message is seen
>> - Save and Load XML works
>> 
>> In what format would you like the "tested packages"? *.deb?
>> 
>> Here is the corrsponding upstream commit:
>> https://github.com/freeplane/freeplane/commit/a5dce7f9f
>> 
>> The debdiffs are attached.
>
> Debdiffs looks good to me. I just have a question, for the
> jessie-debdiff: In the ScriptingRegistration.java was the removal of
> the import of org.freeplane.n3.nanoxml.XMLParserFactory not done on
> purpose?

Yes and no. On jessie the patch did not cleanly apply, so I would have
had to apply that change manually. Since removing the import has no
effect on the semantics of the program (as long as it still compiles), I
was too lazy. It should be ok.

> Other than that, when above question commented on, feel free to upload
> to security-master (AFICS you will need a sponsor, but guess Markus
> will cime in here as well). Remember that both needs to be build with
> -sa.

May I ask why the full source must be included?

@Markus: Would you be so kind to take care of uploading?

Cheers and Best Regards,
-- 
Felix Natter
debian/rules!

Reply via email to