Hi, On Sat, Sep 03, 2016 at 10:57:13PM +0200, Frank Heckenbach wrote: > Hi, > > > On 02/09/16 06:31, Salvatore Bonaccorso wrote: > > > On Thu, Sep 01, 2016 at 12:14:02PM +0100, Robert Shearman wrote: > > >> Alternatively, I'm pretty sure that adding the resulting changes to > > >> skel.c > > >> in 0006-CVE-2016-6354.patch would work too. > > > > > > I uploaded new varaiants of the builds and the corresponding source > > > package to the same location. Still subject to testing/review before > > > doing any other steps. > > > > FWIW, I've tested the new packages you've uploaded and can confirm that > > they fix the reported compile warning. > > Me too. > > Will this fix be pushed by security.debian.org as well now, or will > I have to install it manually?
It will be pushed via security.debian.org archive "soon", since we have not confirmation. It's not intended that you will have to fix those manually on your machines. We will issue a follow-up DSA for it. > I'm asking because I'm involved with a number of machines that > probably all have gotten the bad update by now, if I have to patch > them all myself now. (I'm also asking because I found another bug in > a security update of another package, incidentally on the same day > as this one?!) What's the usual procedure for non-security bugs > introduced by security updates? (Couldn't find anything about it on > the web site.) I guess it is about a regression in the imagemagick update? If so it's as well already on security team's radar, and we will need to issue a regression update for that (there are filled bugs for those, e.g. #835488, #835650, #836189). Regards, Salvatore
signature.asc
Description: PGP signature
