Bug#743960: jbigkit 2.1
Control: reopen -1 carnil, 2.0-2+deb7u1 was prepared before CVEs were published (before 2.1 was release). There is no sense to upload 2.0-2.1, it would have been easier to upload 2.1 directly... Mickael, could you state if your 2.1 package is ready ? Thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743960: jbigkit 2.1
fixed 743960 2.0-2+deb7u1 fixed 743960 2.0-2.1 thanks Hi Mathieu, On Wed, Apr 30, 2014 at 08:47:00AM +0200, Mathieu Malaterre wrote: Control: reopen -1 carnil, 2.0-2+deb7u1 was prepared before CVEs were published (before 2.1 was release). There is no sense to upload 2.0-2.1, it would have been easier to upload 2.1 directly... Hmm, could you elaboreate what is wrong in your opionion what I did? The security team was aware of this issue before the the issue was made public. Moritz uploaded 2.0-2+deb7u1 to be relased as a DSA (https://www.debian.org/security/2014/dsa-2900). My upload was to have the same fix also for testing and unstable. So the bug is also fixed now in testing and unstable. I though agree that a new upstream version should also be uploaded. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743960: jbigkit 2.1
On Wed, Apr 30, 2014 at 10:44 AM, Salvatore Bonaccorso car...@debian.org wrote: fixed 743960 2.0-2+deb7u1 fixed 743960 2.0-2.1 thanks Indeed, sorry for the mess. On Wed, Apr 30, 2014 at 08:47:00AM +0200, Mathieu Malaterre wrote: Control: reopen -1 carnil, 2.0-2+deb7u1 was prepared before CVEs were published (before 2.1 was release). There is no sense to upload 2.0-2.1, it would have been easier to upload 2.1 directly... Hmm, could you elaboreate what is wrong in your opionion what I did? The security team was aware of this issue before the the issue was made public. Moritz uploaded 2.0-2+deb7u1 to be relased as a DSA (https://www.debian.org/security/2014/dsa-2900). My upload was to have the same fix also for testing and unstable. So the bug is also fixed now in testing and unstable. I though agree that a new upstream version should also be uploaded. There is nothing /wrong/ per se. AFAIK there is no urgency to fix CVE(s) in testing/sid. Packager will now need to integrate your upload in its history, which may delay 2.1 release even further. And as a result 2.1 will be identical to 2.0-2+deb7u1, except it would have been 'cleaner' from my point of view. 2cts -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743960: jbigkit 2.1
Hi Mathieu, On Wed, Apr 30, 2014 at 11:09:57AM +0200, Mathieu Malaterre wrote: On Wed, Apr 30, 2014 at 10:44 AM, Salvatore Bonaccorso car...@debian.org wrote: fixed 743960 2.0-2+deb7u1 fixed 743960 2.0-2.1 thanks Indeed, sorry for the mess. On Wed, Apr 30, 2014 at 08:47:00AM +0200, Mathieu Malaterre wrote: Control: reopen -1 carnil, 2.0-2+deb7u1 was prepared before CVEs were published (before 2.1 was release). There is no sense to upload 2.0-2.1, it would have been easier to upload 2.1 directly... Hmm, could you elaboreate what is wrong in your opionion what I did? The security team was aware of this issue before the the issue was made public. Moritz uploaded 2.0-2+deb7u1 to be relased as a DSA (https://www.debian.org/security/2014/dsa-2900). My upload was to have the same fix also for testing and unstable. So the bug is also fixed now in testing and unstable. I though agree that a new upstream version should also be uploaded. There is nothing /wrong/ per se. AFAIK there is no urgency to fix CVE(s) in testing/sid. Packager will now need to integrate your upload in its history, which may delay 2.1 release even further. And as a result 2.1 will be identical to 2.0-2+deb7u1, except it would have been 'cleaner' from my point of view. Ah, now I uderstand better your reply :). This was the reason for me to upload the NMU: There was a DSA for it, and unstable version was still unfixed. As there was no reply from Michael regarding the 2.1 upload, to have the fix in jessie, also guarateeing that version(wheezy) = version(jessie) I did a minimal diff update only applying the patch needed as NMU (not looking at new upstream version what else might have changed[*]). The package was then 'urgented' by the Release Team before the Wheezy 7.5 point release update so that we have above condition now. Mathieu, tanks for taking time and explaining your point of view! Regards, Salvatore [*] to give an example: I also did libyaml updates for security fixes to unstable recently, updating to new upstream version would have introduced also a new build-system. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743960: JBIGKIT 2.1
Hi Michael, On Sun, Apr 8, 2012 at 7:33 AM, Michael van der Kolff mvanderko...@gmail.com wrote: I've made the change suggested. It's now in the VCS, tagged as 2.0-2. Mathieu, would you please upload it? Sorry for the inconvenience. Warmest regards, Markus recently made a new release of jbgkit which solve some security issue. Are you going to prepare another upload ? Thanks much, -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org