Hi Roberto, On Thu, Nov 01, 2018 at 09:11:38PM -0400, Roberto C. Sánchez wrote: > On Tue, Oct 30, 2018 at 08:51:49AM +0100, Salvatore Bonaccorso wrote: > > > > Yes this is right. There was as well announced > > https://lists.debian.org/debian-devel-announce/2018/04/msg00007.html > > for a slightly changed worflow possibility (for the cases one is > > absolutely confident the upload will be accepted, once can upload in > > advance, but still submit debdiff and bug to release.d.o). > > > So, I went ahead and filed the bug rather than uploading preemptively. > The bug is #912531. Adam pointed out that the CVE in question is still > open in unstable. Is there a plan to upload a 0.25-5 version that > addresses the CVE? Or is there work underway to upload a 0.26 package? > > Alternately, I could NMU to unstable based on 0.25-4 to clear the way > for the stable proposed update of 0.25-3.1+deb9u2. I am happy to do > what I can to help or to wait if that is what serves the team best. > > Please advise.
Right the fix needs to be first in unstable, so either a maintainer upload for 0.25-4 but I guess the exiv2 maintainer would not object against a NMU, but I cannot speak for the exiv2 packaging team. Regards, Salvatore _______________________________________________ pkg-kde-extras mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
