[Pkg-tigervnc-devel] tigervnc 1.7.0+dfsg-5 MIGRATED to testing

Ola Lundqvist ola.lundqvist at gmail.com
Thu Feb 9 21:21:45 UTC 2017


Hi Joachim

I'll upload soon. However I have a check question first.

Is there any specific reason you made two new revisions -6 and -7 and not
just one -6?

Do you object if I change the changelog so we just step the revision once
since last upload?

Best regards

// Ola

On 9 February 2017 at 20:25, Joachim Falk <joachim.falk at gmx.de> wrote:

> Hi all,
>
> Am 09.02.2017 um 17:52 schrieb Ola Lundqvist:
> > Hi
> >
> > I think we shall try to fix both. If you can prepare that would be
> great. I can do the upload.
> >
> > / Ola
> >
> > Sent from a phone
> >
> > Den 9 feb 2017 17:49 skrev "Joachim Falk" <joachim.falk at gmx.de <mailto:
> joachim.falk at gmx.de>>:
> >
> >     Dear all,
> >
> >     Am 09.02.2017 um 17:39 schrieb Debian testing watch:
> >     > FYI: The status of the tigervnc source package
> >     > in Debian's testing distribution has changed.
> >     >
> >     >   Previous version: 1.7.0+dfsg-2
> >     >   Current version:  1.7.0+dfsg-5
> >     its time to consider what we do with our two remaining bug fixes and
> the open
> >     security problem in TigerVNC. The two bugfixes are quite self
> contained and small.
> >     Hence, I think we can prepare one new upload with them and the
> security fix
> >     and propose this for unblock to the release team.
> have determined that we are not vulnerable to CVE-2016-10207 (
> http://seclists.org/oss-sec/2017/q1/312).
> The fix has already been cheery picked into TigerVNC 1.7.0 by upstream.
> See git log below.
>
> ============================================================
> ======================
> commit e25272fc74ef09987ccaa33b9bf1736397c76fdf
> Author: Pierre Ossman <ossman at cendio.se>
> Date:   Thu Sep 8 12:31:18 2016 +0200
>
>     TigerVNC 1.7.0
>
> commit f8af13dd93e6723385811798c35d12da70d3641b
> Author: Pierre Ossman <ossman at cendio.se>
> Date:   Tue Aug 23 17:02:58 2016 +0200
>
>     Proper global init/deinit of GnuTLS
>
>     These are reference counted so it is important to retain symmetry
>     between the calls. Failure to do so will result in bad memory access
>     and crashes.
>
>     (cherry picked from commit 8aa4bc53206c2430bbf0c8f4b642f59a379ee649)
> ============================================================
> ======================
>
> Ola, you can upload 1.7.0+dfsg-7 this should close #852639 and #852633.
>
> Regards,
> Joachim
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-tigervnc-devel/attachments/20170209/c2cb695c/attachment.html>


More information about the Pkg-tigervnc-devel mailing list