[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#849725: jessie-pu cairo/1.14.0-2.1+deb8u2

Hi Adam,

On Sat, Dec 31, 2016 at 04:58:46PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2016-12-30 at 07:52 +0100, Salvatore Bonaccorso wrote:
> > src:cairo in jessie is affected by CVE-2016-9082 which would not
> > warrant a DSA. A while back in october the issue was already fixed in
> > unstable, cf. #842289. I would like to propose the attached debdiff
> > for the upcoming point release.
> 
> Please go ahead.

Thanks uploaded.

> > Note: in the 1.14.0-2.1 -> 1.14.0-2.1+deb8u1 the binary package
> > binary-cairo-perf-utils got one more binary added
> > (/usr/bin/cairo-perf-graph-files). Whit this update that goes back to
> > the 1.14.0-2.1 situation.
> 
> Do we know why that happened?

I do not know. Cc'ing Moritz. But I guess the build environment might
have had an addtional package installed. Because it is not the case
for the binary packages built by the buildd's, e.g. i386:

$ debdiff cairo-perf-utils_1.14.0-2.1_i386.deb cairo-perf-utils_1.14.0-2.1+deb8u1_i386.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)
------------------------------------------------
Version: [-1.14.0-2.1-] {+1.14.0-2.1+deb8u1+}

Regards,
Salvatore
Reply to: