Bug#924610: Bug#924609: Ports of CVE patches from Debian LTS for libsdl1.2

Salvatore Bonaccorso carnil at debian.org
Wed Apr 24 20:33:55 BST 2019


Hi Kari,

On Wed, Apr 24, 2019 at 07:15:44PM +0300, Kari Pahula wrote:
> Hi.
> 
> I've ported the CVE patches from Debian LTS for libsdl1.2 in unstable.

First, thanks for working on the issues!

I have not reviewed your patches, but just a remark. Never just
forward-port a patchset from an older suite to newer (although the
version is identical here).

Furthermore, as Moritz pointed out, at the time of writing the bug report,
only some of the bugs got patches, but not all were merged upstream;
several of the CVEs later got upstream patches rather than the
previously linked ones from the bugzilla.  We should base the upload
on the current upstream patches, which by now should be complete
(but double check the updated references in the security-tracker).

Regards,
Salvatore


