Control: tags -1 + pending On Sun, 2013-10-20 at 21:51 +0100, Adam D. Barratt wrote: > On Sat, 2013-10-19 at 23:12 -0300, David Bremner wrote: > > I have prepared a targeted upload which closes two CVEs. > > > > These are relatively mild security bugs in the embedded copy of libraw > > (which cannot be trivially removed, alas). > > > > A debdiff is attached. I believe the risk of the update is relatively > > low, since according to darktable upstream only a few code paths > > actually use libraw. On the other hand, I did have to monkey with the > > patch a bit by hand to get it to apply, since libraw upstream provided > > a patch against a later version. > > Assuming the patch has been tested on a stable system, please go ahead; > thanks.
For the record, the upload occurred and I've just flagged the package for acceptance; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
