Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-18 Thread Chris Lamb
[Adding 922...@bugs.debian.org to CC for completeness / BTS archive] Chris Lamb wrote: > > So using the ssize_t version that preserves the sizes of the arguments > > and return type of the function is the safer choice, regardless of > > upstream's claim that the function is private. > >

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-18 Thread Chris Lamb
Hi Mattias, > Is the aim of this discussion still to determine which version of the > proposed change to use? The original int version, or the updated > ssize_t version? I'm sorry to hear in your mail that you are feeling frustrated ("derail into a general complaint…" etc.) as our shared goal is

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-18 Thread Mattias Ellert
lör 2019-02-16 klockan 22:05 + skrev Ben Hutchings: > On Sat, 2019-02-16 at 06:43 +0100, Mattias Ellert wrote: > > lör 2019-02-16 klockan 00:12 +0100 skrev Chris Lamb: > > > Hi Mattias, > > > > > > > What exactly do you want to run past upstream? It is not clear to me > > > > what you are

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-16 Thread Ben Hutchings
On Sat, 2019-02-16 at 06:43 +0100, Mattias Ellert wrote: > lör 2019-02-16 klockan 00:12 +0100 skrev Chris Lamb: > > Hi Mattias, > > > > > What exactly do you want to run past upstream? It is not clear to me > > > what you are requesting here. > > > > Your change to the patch, no? :) > > > > >

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
lör 2019-02-16 klockan 00:12 +0100 skrev Chris Lamb: > Hi Mattias, > > > What exactly do you want to run past upstream? It is not clear to me > > what you are requesting here. > > Your change to the patch, no? :) > > > Regards, > OK. https://sourceforge.net/p/gsoap2/bugs/1236/

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > What exactly do you want to run past upstream? It is not clear to me > what you are requesting here. Your change to the patch, no? :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
fre 2019-02-15 klockan 22:15 +0100 skrev Chris Lamb: > Hi Mattias, > > The patch was based on the suggested fix from upstream which uses int. > > But I agree ssize_t is a better choice. > > Thanks for attaching an updated debdiff. Can you run this past upstream? > > > Regards, What exactly do

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > The patch was based on the suggested fix from upstream which uses int. > But I agree ssize_t is a better choice. Thanks for attaching an updated debdiff. Can you run this past upstream? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
fre 2019-02-15 klockan 17:56 +0100 skrev Chris Lamb: > Ben Hutchings wrote: > > > > Given the reference to cookies in the upstream advisory, I think the > > actual bug is > > […] > > Thanks for looking into this. For the avoidance of doubt I will not > proceed with an upload. > > With my

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Ben Hutchings wrote: > Given the reference to cookies in the upstream advisory, I think the > actual bug is […] Thanks for looking into this. For the avoidance of doubt I will not proceed with an upload. With my "front desk" hat on, I've also added a link in the data/ CVE/list to this thread

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Ben Hutchings
On Fri, 2019-02-15 at 13:39 +0100, Emilio Pozuelo Monfort wrote: > On 15/02/2019 13:31, Chris Lamb wrote: > > Hi Mattias, > > > > > I submitted this jessie update to the release team, but was informed to > > > contact you about it instead. What do I do? > > > > Indeed, they have sent you to the

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Emilio Pozuelo Monfort
On 15/02/2019 13:31, Chris Lamb wrote: > Hi Mattias, > >> I submitted this jessie update to the release team, but was informed to >> contact you about it instead. What do I do? > > Indeed, they have sent you to the right place. :) As-per: > > https://wiki.debian.org/LTS/Development > > … we

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > I submitted this jessie update to the release team, but was informed to > contact you about it instead. What do I do? Indeed, they have sent you to the right place. :) As-per: https://wiki.debian.org/LTS/Development … we would fix CVE-2019-7659 via a jessie "LTS" security

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
by "Adam D. Barratt" (Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2) Datum: Fri, 15 Feb 2019 10:36:08 + This is an automatic notification regarding your Bug report which was filed against the release.debian.org package: #922384: jessie-pu: package gsoap/2.8.17-1+deb8