Re: Bug#988832: unblock: libx11/2:1.7.1-1

2021-05-21 Thread Cyril Brulebois 
Hi,

Paul Gevers  (2021-05-21):
> On 20-05-2021 10:26, Emilio Pozuelo Monfort wrote:
> > Please unblock package libx11
> 
> This needs also an ack from d-i, boot CC-ed.

Tests are looking good, feel free to go ahead.

> > The debdiff is a little large due to the autotools version the
> > tarball was generated with. I'm attaching a debdiff filtered with
> > 
> >   filterdiff -x '*/Makefile.in' -x '*.man' -x '*/aclocal.m4' -x 
> > '*/configure'
> > 
> > (the *.man changes are actual manpage syntax fixes, but make it
> > harder to review the actually important code fixes in this update,
> > so I filtered them).

Thanks for that.

> Funny how some copyrights go backward in time in this release.

Exactly my first reaction when I d'd your package. :)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Re: Bug#988832: unblock: libx11/2:1.7.1-1

2021-05-21 Thread Paul Gevers 
Control: tags -1 d-i confirmed

Hi,

On 20-05-2021 10:26, Emilio Pozuelo Monfort wrote:
> Please unblock package libx11

This needs also an ack from d-i, boot CC-ed.

> This fixes CVE-2021-31535, a bug in libX11 which could lead to the
> execution of additional X requests due to insufficient buffer checks.
> 
> I have done some manual tests (run an X server with various applications)
> 
> The risks are minor as the changes are pretty much limited to the security
> fix, with minor changes aside of that.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> The debdiff is a little large due to the autotools version the tarball
> was generated with. I'm attaching a debdiff filtered with
> 
>   filterdiff -x '*/Makefile.in' -x '*.man' -x '*/aclocal.m4' -x '*/configure'
> 
> (the *.man changes are actual manpage syntax fixes, but make it harder to 
> review
> the actually important code fixes in this update, so I filtered them).

Funny how some copyrights go backward in time in this release.

Paul



OpenPGP_signature
Description: OpenPGP digital signature