Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-25 Thread Salvatore Bonaccorso
Hi Mathieu,

On Mon, Sep 25, 2017 at 10:12:31AM +0200, Mathieu Malaterre wrote:
> Control: tags -1 pending
> 
> Hi Salvatore,
> 
> On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso wrote:
> > Source: openjpeg2
> > Version: 2.2.0-1
> > Severity: normal
> >
> > Hi Mathieu,
> >
> > There was an update for openjpeg2 not incorporating the NMU changelog
> > for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating
> > those again (and double check no change was lost, I guess not that all
> > should in meanwhile be included in 2.2.0, but for #851422 I'm unsure
> > if it was fully covered, see the respective upstream issues which only
> > partially landed in 2.2.0).
> >
> > Specifically there were some CVEs addressed, which are hopefully still
> > fixed in 2.2.0-1, the FTBFS definitively seems so.
> >
> > cut-cut-cut-cut-cut-cut-
> > diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog
> > --- openjpeg2-2.1.2/debian/changelog2017-08-12 15:54:38.0 +0200
> > +++ openjpeg2-2.2.0/debian/changelog2017-09-22 21:51:36.0 +0200
> > @@ -1,26 +1,13 @@
> > -openjpeg2 (2.1.2-1.3) unstable; urgency=medium
> > +openjpeg2 (2.2.0-1) unstable; urgency=medium
> >
> > -  * Fix FTFBS (Closes: #871905)
> > +  * New upstream release. Closes: #872041
> > +  * Fix CVE-2016-9113. Closes: #844552
> > +  * Fix CVE-2016-9114. Closes: #844553
> > +  * Fix CVE-2016-9115. Closes: #844554
> > +  * Fix CVE-2016-9116. Closes: #844555
> > +  * Fix CVE-2016-9117. Closes: #844556
> >
> > - -- Moritz Muehlenhoff   Sat, 12 Aug 2017 15:54:38 +0200
> > -
> > -openjpeg2 (2.1.2-1.2) unstable; urgency=medium
> > -
> > -  * Non-maintainer upload
> > -  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
> > -CVE-2016-9118.patch
> > -
> > - -- Moritz Muehlenhoff   Fri, 11 Aug 2017 22:17:07 +0200
> > -
> > -openjpeg2 (2.1.2-1.1) unstable; urgency=medium
> > -
> > -  * Non-maintainer upload.
> > -  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
> > -CVE-2016-9572: NULL pointer dereference in input decoding
> > -CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
> > -imagetopnm(). (Closes: #851422)
> > -
> > - -- Salvatore Bonaccorso   Sun, 22 Jan 2017 14:18:13 
> > +0100
> > + -- Mathieu Malaterre   Fri, 22 Sep 2017 21:51:36 +0200
> >
> >  openjpeg2 (2.1.2-1) unstable; urgency=medium
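Review bot: The added 2.2.0-1 stanza does not say what happened to the patches named in the removed entries, `CVE-2016-9572_CVE-2016-9573.patch` (Closes: #851422) and the patch listed in the 2.1.2-1.2 entry. Add a line to the 2.2.0-1 stanza for each, stating whether it was dropped as applied upstream or is still carried, so the status of those fixes can be read from the changelog itself.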
> > cut-cut-cut-cut-cut-cut-
> >
> > Thanks for your time, double-checking and working on openjpeg2!
> 
> Wow ! That was bad :( Thanks for catching my mistake.

Thanks a lot for looking that quickly into this!

And thanks for reopening the bugs regarding the 2.2.0-1 stanza, which
are still under investigation/not yet fixed.

Regards,
Salvatore



Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-25 Thread Mathieu Malaterre
Control: tags -1 pending

Hi Salvatore,

On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso wrote:
> Source: openjpeg2
> Version: 2.2.0-1
> Severity: normal
>
> Hi Mathieu,
>
> There was an update for openjpeg2 not incorporating the NMU changelog
> for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating
> those again (and double check no change was lost, I guess not that all
> should in meanwhile be included in 2.2.0, but for #851422 I'm unsure
> if it was fully covered, see the respective upstream issues which only
> partially landed in 2.2.0).
>
> Specifically there were some CVEs addressed, which are hopefully still
> fixed in 2.2.0-1, the FTBFS definitively seems so.
>
> cut-cut-cut-cut-cut-cut-
> diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog
> --- openjpeg2-2.1.2/debian/changelog2017-08-12 15:54:38.0 +0200
> +++ openjpeg2-2.2.0/debian/changelog2017-09-22 21:51:36.0 +0200
> @@ -1,26 +1,13 @@
> -openjpeg2 (2.1.2-1.3) unstable; urgency=medium
> +openjpeg2 (2.2.0-1) unstable; urgency=medium
>
> -  * Fix FTFBS (Closes: #871905)
> +  * New upstream release. Closes: #872041
> +  * Fix CVE-2016-9113. Closes: #844552
> +  * Fix CVE-2016-9114. Closes: #844553
> +  * Fix CVE-2016-9115. Closes: #844554
> +  * Fix CVE-2016-9116. Closes: #844555
> +  * Fix CVE-2016-9117. Closes: #844556
>
> - -- Moritz Muehlenhoff   Sat, 12 Aug 2017 15:54:38 +0200
> -
> -openjpeg2 (2.1.2-1.2) unstable; urgency=medium
> -
> -  * Non-maintainer upload
> -  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
> -CVE-2016-9118.patch
> -
> - -- Moritz Muehlenhoff   Fri, 11 Aug 2017 22:17:07 +0200
> -
> -openjpeg2 (2.1.2-1.1) unstable; urgency=medium
> -
> -  * Non-maintainer upload.
> -  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
> -CVE-2016-9572: NULL pointer dereference in input decoding
> -CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
> -imagetopnm(). (Closes: #851422)
> -
> - -- Salvatore Bonaccorso   Sun, 22 Jan 2017 14:18:13 +0100
> + -- Mathieu Malaterre   Fri, 22 Sep 2017 21:51:36 +0200
>
>  openjpeg2 (2.1.2-1) unstable; urgency=medium
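Review bot: The five added `Fix CVE-...` lines for CVE-2016-9113 to CVE-2016-9117 name no patch file or upstream change, unlike the removed 2.1.2-1.1 entry, which named `CVE-2016-9572_CVE-2016-9573.patch`. Each of these lines also carries a `Closes:`, so point every entry at the change that fixes it, or drop the `Closes:` from any entry whose fix in 2.2.0 has not been verified.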
> cut-cut-cut-cut-cut-cut-
>
> Thanks for your time, double-checking and working on openjpeg2!

Wow ! That was bad :( Thanks for catching my mistake.



Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-23 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.2.0-1
Severity: normal

Hi Mathieu,

There was an update for openjpeg2 not incorporating the NMU changelog
for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating
those again (and double check no change was lost, I guess not that all
should in meanwhile be included in 2.2.0, but for #851422 I'm unsure
if it was fully covered, see the respective upstream issues which only
partially landed in 2.2.0).

Specifically there were some CVEs addressed, which are hopefully still
fixed in 2.2.0-1, the FTBFS definitively seems so.

cut-cut-cut-cut-cut-cut-
diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog
--- openjpeg2-2.1.2/debian/changelog2017-08-12 15:54:38.0 +0200
+++ openjpeg2-2.2.0/debian/changelog2017-09-22 21:51:36.0 +0200
@@ -1,26 +1,13 @@
-openjpeg2 (2.1.2-1.3) unstable; urgency=medium
+openjpeg2 (2.2.0-1) unstable; urgency=medium

-  * Fix FTFBS (Closes: #871905)
+  * New upstream release. Closes: #872041
+  * Fix CVE-2016-9113. Closes: #844552
+  * Fix CVE-2016-9114. Closes: #844553
+  * Fix CVE-2016-9115. Closes: #844554
+  * Fix CVE-2016-9116. Closes: #844555
+  * Fix CVE-2016-9117. Closes: #844556

- -- Moritz Muehlenhoff   Sat, 12 Aug 2017 15:54:38 +0200
-
-openjpeg2 (2.1.2-1.2) unstable; urgency=medium
-
-  * Non-maintainer upload
-  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
-CVE-2016-9118.patch
-
- -- Moritz Muehlenhoff   Fri, 11 Aug 2017 22:17:07 +0200
-
-openjpeg2 (2.1.2-1.1) unstable; urgency=medium
-
-  * Non-maintainer upload.
-  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
-CVE-2016-9572: NULL pointer dereference in input decoding
-CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
-imagetopnm(). (Closes: #851422)
-
- -- Salvatore Bonaccorso   Sun, 22 Jan 2017 14:18:13 +0100
+ -- Mathieu Malaterre   Fri, 22 Sep 2017 21:51:36 +0200

 openjpeg2 (2.1.2-1) unstable; urgency=medium
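Review bot: The single hunk `@@ -1,26 +1,13 @@` deletes the 2.1.2-1.3, 2.1.2-1.2 and 2.1.2-1.1 stanzas instead of adding 2.2.0-1 above them, so the record of three uploads disappears from the changelog. Keep the three removed stanzas, trailer lines included, between the new 2.2.0-1 trailer and `openjpeg2 (2.1.2-1) unstable; urgency=medium`, so that the change is purely additive.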
cut-cut-cut-cut-cut-cut-

Thanks for your time, double-checking and working on openjpeg2!

Regards,
Salvatore
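
A pre-upload check for the regression reported above, as an added example that is not part of this thread or of any Debian tool: it compares the previous and the new `debian/changelog` and lists the stanzas that disappeared, together with the CVE ids that only those stanzas recorded. The function names are hypothetical, and the sample text is constructed by abridging the stanzas shown in the diff (trailer lines and some entries omitted).

```python
import re

# Stanza header at column 0, e.g. "openjpeg2 (2.1.2-1.3) unstable; urgency=medium"
HEADER = re.compile(r"^(\S+) \(([^)]+)\) ", re.M)
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

def stanzas(changelog):
    """Map version -> stanza text for the contents of a debian/changelog."""
    heads = list(HEADER.finditer(changelog))
    out = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(changelog)
        out[m.group(2)] = changelog[m.start():end]
    return out

def lost_history(old, new):
    """Return (versions missing from new, CVE ids only those stanzas named)."""
    old_s, new_s = stanzas(old), stanzas(new)
    dropped = [v for v in old_s if v not in new_s]
    still = set(CVE.findall(new))
    lost = {c for v in dropped for c in CVE.findall(old_s[v])} - still
    return dropped, sorted(lost)

# Constructed sample, abridged from the diff in this thread.
OLD = """\
openjpeg2 (2.1.2-1.3) unstable; urgency=medium

  * Fix FTFBS (Closes: #871905)

openjpeg2 (2.1.2-1.2) unstable; urgency=medium

  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
    CVE-2016-9118.patch

openjpeg2 (2.1.2-1.1) unstable; urgency=medium

  * Add CVE-2016-9572_CVE-2016-9573.patch patch.

openjpeg2 (2.1.2-1) unstable; urgency=medium
"""
NEW = """\
openjpeg2 (2.2.0-1) unstable; urgency=medium

  * New upstream release. Closes: #872041
  * Fix CVE-2016-9113. Closes: #844552

openjpeg2 (2.1.2-1) unstable; urgency=medium
"""

if __name__ == "__main__":
    print(lost_history(OLD, NEW))
```

A CVE id reported as lost is not necessarily unfixed in the new version; it marks an entry whose fix has to be confirmed against the new upstream source, as the report asks for #851422.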