Bug#924610: Bug#924609: Ports of CVE patches from Debian LTS for libsdl1.2

Felix Geyer fgeyer at debian.org
Mon Apr 29 15:56:27 BST 2019


Hi,

On 24.04.19 21:33, Salvatore Bonaccorso wrote:
> Hi Kari,
>
> On Wed, Apr 24, 2019 at 07:15:44PM +0300, Kari Pahula wrote:
>> Hi.
>>
>> I've ported the CVE patches from Debian LTS for libsdl1.2 in unstable.
> First thanks for working on the issues!
>
> I have not reviewed your patches, but just a remark. Never just
> forward-port a patchset from an older suite to newer (although the
> version is identical here).
>
> Furthermore as Moritz pointed out, at time of writing the bug report,
> only some of the bugs got patches, but not all were merged upstream,
> several of the CVEs got later on upstream patches rather than
> previously linked ones from the bugzilla.  We should base the upload
> based on the current upstream patches which by now should be complete
> (but double check the updated references in the security-tracker).


Unfortunately there are still some bug reports without merged fixes.
I've kept the Debian security tracker up-to-date in this regard
(the CVEs with committed patches have a link to them).

Felix



More information about the Pkg-sdl-maintainers mailing list