[Pkg-phototools-devel] Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

Mathieu Malaterre malat at debian.org
Mon Sep 25 08:12:31 UTC 2017


Control: tags -1 pending

Hi Salvatore,

On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: openjpeg2
> Version: 2.2.0-1
> Severity: normal
>
> Hi Mathieu,
>
> There was an update for openjpeg2 not incorporating the NMU changelog
> for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating
> those again (and double check no change was lost, I guess not that all
> should in meanwhile be included in 2.2.0, but for #851422 I'm unsure
> if it was fully covered, see the respective upstream issues which only
> partially landed in 2.2.0).
>
> Specifically there were some CVEs addressed, which are hopefully still
> fixed in 2.2.0-1, the FTBFS definitively seems so.
>
> ----cut---------cut---------cut---------cut---------cut---------cut-----
> diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog
> --- openjpeg2-2.1.2/debian/changelog    2017-08-12 15:54:38.000000000 +0200
> +++ openjpeg2-2.2.0/debian/changelog    2017-09-22 21:51:36.000000000 +0200
> @@ -1,26 +1,13 @@
> -openjpeg2 (2.1.2-1.3) unstable; urgency=medium
> +openjpeg2 (2.2.0-1) unstable; urgency=medium
>
> -  * Fix FTFBS (Closes: #871905)
> +  * New upstream release. Closes: #872041
> +  * Fix CVE-2016-9113. Closes: #844552
> +  * Fix CVE-2016-9114. Closes: #844553
> +  * Fix CVE-2016-9115. Closes: #844554
> +  * Fix CVE-2016-9116. Closes: #844555
> +  * Fix CVE-2016-9117. Closes: #844556
>
> - -- Moritz Muehlenhoff <jmm at debian.org>  Sat, 12 Aug 2017 15:54:38 +0200
> -
> -openjpeg2 (2.1.2-1.2) unstable; urgency=medium
> -
> -  * Non-maintainer upload
> -  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
> -    CVE-2016-9118.patch
> -
> - -- Moritz Muehlenhoff <jmm at debian.org>  Fri, 11 Aug 2017 22:17:07 +0200
> -
> -openjpeg2 (2.1.2-1.1) unstable; urgency=medium
> -
> -  * Non-maintainer upload.
> -  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
> -    CVE-2016-9572: NULL pointer dereference in input decoding
> -    CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
> -    imagetopnm(). (Closes: #851422)
> -
> - -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 22 Jan 2017 14:18:13 +0100
> + -- Mathieu Malaterre <malat at debian.org>  Fri, 22 Sep 2017 21:51:36 +0200
>
>  openjpeg2 (2.1.2-1) unstable; urgency=medium
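Review bot: the removed lines at the top of debian/changelog delete the 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3 NMU stanzas outright, so the changelog no longer records the fixes for CVE-2016-9572 and CVE-2016-9573 (Closes: #851422), for CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and CVE-2016-9118, or the FTBFS fix (Closes: #871905). Restore the three stanzas unchanged between the new 2.2.0-1 entry and the 2.1.2-1 entry, and before uploading confirm that each of those fixes is actually present in the 2.2.0 source, since the new entry only lists CVE-2016-9113 through CVE-2016-9117 and none of the NMU ones.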
> ----cut---------cut---------cut---------cut---------cut---------cut-----
>
> Thanks for your time, double-checking and working on openjpeg2!

Wow ! That was bad :( Thanks for catching my mistake.


