DD Ping: Review of Tomb for CVE-2020-28638

2020-11-14 Thread Sven Geuer
Hi Samuel + Team,

I prepared fixed versions of tomb for unstable [1], 2.7+dfsg2-2, and
buster-backports [2], 2.7+dfsg2-2~bpo10+1. Please review these. I added
myself as uploader, so feel free to provide upload permissions to me.

Regarding buster I assume I should provide a 2.5+dfsg1-3 on a
debian/buster branch in the repository. I would only add the security
fix, nothing else. Is this the way to go?

Sven

[1] https://salsa.debian.org/pkg-security-team/tomb/-/tree/debian/master
[2] https://salsa.debian.org/pkg-security-team/tomb/-/tree/debian/buster-backports




Re: Request to review and upload libvhdi_20201018-1

2020-11-14 Thread Francisco Vilmar Cardoso Ruviaro
Hello team,

We talked to libvhdi upstream; in short, a soname bump won't happen yet, and
he says "Checking with git whatchanged -p include/libvhdi.h.in I don't see any
major API (and therefore ABI) changes in the last ~4 years; a couple of
functions added and a couple of non-functional write functions were removed."


I have locally rebuilt the reversed dependencies (pytsk and sleuthkit) on amd64,
and everything was built correctly, both in testing and in unstable.

Below is the output of the reversed dependencies:

$reverse-depends src:libvhdi
Reverse-Depends
* libtsk19  (for libvhdi1)
* python3-dfvfs (for python3-libvhdi)
* python3-plaso (for python3-libvhdi)
* python3-tsk   (for libvhdi1)
* sleuthkit (for libvhdi1)

$reverse-depends -b src:libvhdi
Reverse-Build-Depends
* dfvfs (for python3-libvhdi)
* plaso (for python3-libvhdi)
* pytsk (for libvhdi-dev)
* sleuthkit (for libvhdi-dev)


Samuel, would you like me to request a transition slot for libvhdi?

Best regards,
-- 
Francisco Vilmar Cardoso Ruviaro 
4096R: 1B8C F656 EF3B 8447 2F48 F0E7 82FB F706 0B2F 7D00