I've got some concerns about this: $ diffstat !$ diffstat libytnef_1.9.2-2_1.9.3-1.diff ChangeLog | 16 +++ configure.ac | 2 debian/changelog | 24 +++++ debian/compat | 2 debian/control | 13 +- debian/patches/CVE-2017-9058.patch | 13 -- debian/patches/series | 1 lib/ytnef.c | 170 ++++++++++++++++++++----------------- ytnef/main.c | 37 ++++---- ytnefprint/main.c | 2 10 files changed, 168 insertions(+), 112 deletions(-)
The package is managed with quilt patches but there are significant changes to five files made directly to the files rather than via quilt patches. (Of those, only the changes to the .c files look like security fixes, but those should be handled via individual patches, similar to the now-removed CVE-2017-9058.patch.) The changelog still mentions Debian unstable rather than a specific Ubuntu release. How did you test your changes? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666884 Title: libytnef: February 2017 multiple vulnerabilities (X41-2017-002) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libytnef/+bug/1666884/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
