Hi Roberto, On Sat, Oct 20, 2018 at 11:10:17PM -0400, Roberto C. Sánchez wrote: > Hi all, > > I prepared an update of exiv2 for jessie. The patches I prepared > applied to the stretch version with only one minor change required. > > The main change is the patch for CVE-2018-16336. However, I also > included a tweak to the patch for CVE-2018-10958/CVE-2018-10999 based on > feedback I received approximately one month after I uploaded the last > security update for exiv2: > > https://github.com/Exiv2/exiv2/issues/302#issuecomment-408640903 > > I have attached a debdiff from version 0.25-3.1+deb9u1 to > 0.25-3.1+deb9u2 for your review and the actual packages are available > here: > > https://people.debian.org/~roberto/ > > If the package and proposed changes look good, please let me know and I > can sign and upload the packages and someone on the security team can > publish the DSA.
Looking at CVE-2018-16336 I feel it does not really warrant a DSA on it's own. But given you have prepared a targeted fix for the issue, can I redirect you trough the stretch-pu mechanism and have a fix included in the next stretch point release? Regards, Salvatore _______________________________________________ pkg-kde-extras mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
