Control: tags -1 pending Hi Salvatore,
On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > Source: openjpeg2 > Version: 2.2.0-1 > Severity: normal > > Hi Mathieu, > > There was an update for openjpeg2 not incoorporating the NMU changelog > for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating > those again (and double check no change was lost, I guess not that all > should in meanwhile be included in 2.2.0, but for #851422 I'm unsure > if it was fully covered, see the respective upstream issues which only > partially landed in 2.2.0). > > Specifically there were some CVEs addressed, which are hopefully still > be fixed in 2.2.0-1, the FTBFS defintively seems so. > > ----cut---------cut---------cut---------cut---------cut---------cut----- > diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog > --- openjpeg2-2.1.2/debian/changelog 2017-08-12 15:54:38.000000000 +0200 > +++ openjpeg2-2.2.0/debian/changelog 2017-09-22 21:51:36.000000000 +0200 > @@ -1,26 +1,13 @@ > -openjpeg2 (2.1.2-1.3) unstable; urgency=medium > +openjpeg2 (2.2.0-1) unstable; urgency=medium > > - * Fix FTFBS (Closes: #871905) > + * New upstream release. Closes: #872041 > + * Fix CVE-2016-9113. Closes: #844552 > + * Fix CVE-2016-9114. Closes: #844553 > + * Fix CVE-2016-9115. Closes: #844554 > + * Fix CVE-2016-9116. Closes: #844555 > + * Fix CVE-2016-9117. Closes: #844556 > > - -- Moritz Muehlenhoff <j...@debian.org> Sat, 12 Aug 2017 15:54:38 +0200 > - > -openjpeg2 (2.1.2-1.2) unstable; urgency=medium > - > - * Non-maintainer upload > - * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and > - CVE-2016-9118.patch > - > - -- Moritz Muehlenhoff <j...@debian.org> Fri, 11 Aug 2017 22:17:07 +0200 > - > -openjpeg2 (2.1.2-1.1) unstable; urgency=medium > - > - * Non-maintainer upload. > - * Add CVE-2016-9572_CVE-2016-9573.patch patch. > - CVE-2016-9572: NULL pointer dereference in input decoding > - CVE-2016-9573: Heap out-of-bounds read due to insufficient check in > - imagetopnm(). (Closes: #851422) > - > - -- Salvatore Bonaccorso <car...@debian.org> Sun, 22 Jan 2017 14:18:13 +0100 > + -- Mathieu Malaterre <ma...@debian.org> Fri, 22 Sep 2017 21:51:36 +0200 > > openjpeg2 (2.1.2-1) unstable; urgency=medium > ----cut---------cut---------cut---------cut---------cut---------cut----- > > Thanks for your time, double-checking and working on openjpeg2! Wow ! That was bad :( Thanks for catching my mistake. _______________________________________________ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel