[Pkg-kde-extras] exiv2 stretch update (CVE-2018-16336)
Roberto C. Sánchez
roberto at debian.org
Fri Nov 2 01:11:38 GMT 2018
On Tue, Oct 30, 2018 at 08:51:49AM +0100, Salvatore Bonaccorso wrote:
>
> Yes this is right. There was as well announced
> https://lists.debian.org/debian-devel-announce/2018/04/msg00007.html
> for a slightly changed worflow possibility (for the cases one is
> absolutely confident the upload will be accepted, once can upload in
> advance, but still submit debdiff and bug to release.d.o).
>
So, I went ahead and filed the bug rather than uploading preemptively.
The bug is #912531. Adam pointed out that the CVE in question is still
open in unstable. Is there a plan to upload a 0.25-5 version that
addresses the CVE? Or is there work underway to upload a 0.26 package?
Alternately, I could NMU to unstable based on 0.25-4 to clear the way
for the stable proposed update of 0.25-3.1+deb9u2. I am happy to do
what I can to help or to wait if that is what serves the team best.
Please advise.
Regards,
-Roberto
--
Roberto C. Sánchez
More information about the pkg-kde-extras
mailing list