Bug#826829: jessie-pu: package vorbis-tools/1.4.0-6+deb8u1
Petter Reinholdtsen
pere at hungry.com
Thu Jun 9 08:36:11 UTC 2016
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-CC: pkg-xiph-maint at lists.alioth.debian.org
On my Debian Jessie machine, three security issues in one of the
packages I maintain are reported by debsecan:
<URL: https://security-tracker.debian.org/tracker/CVE-2014-9638 >
<URL: https://security-tracker.debian.org/tracker/CVE-2014-9639 >
<URL: https://security-tracker.debian.org/tracker/CVE-2015-6749 >.
In addition there is a RC bug with vcut affecting stable (#818037).
Some of the issues was fixed in Squeeze by the LTS team (DLA-317-1), but
has not yet been fixed in Jessie. I would like to get it fixed in
stable too, to get it out of my debsecan list.
The attached patch is based on the patches in unstable, and should solve
the problems.
I asked on #debian-security if they wanted to do a DSA, but they
recommended I should use the procedure from
<URL: https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable >.
Is it OK to upload the fix for stable?
-- System Information:
Debian Release: 8.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=no_NO (charmap=locale: Cannot set
LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vorbis-tools-stable-update.diff
Type: text/x-diff
Size: 7062 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/attachments/20160609/b74e2209/attachment.diff>
More information about the pkg-xiph-maint
mailing list