Control: tag -1 pending On Thu, Jul 06, 2017 at 07:19:46AM +0200, Sebastiaan Couwenberg wrote: > On 07/03/2017 11:36 AM, Cyril Brulebois wrote: > > Bas Couwenberg <sebas...@xs4all.nl> (2017-07-01): > >> protozero 1.5.1 in stretch contains a serious bug that was fixed in > >> 1.5.2. The fix has been cherry-picked and I'd like to upload this > >> proposed-update. > >> > >> >From the changelog and patch description: > >> > >> " > >> This fixes a rather embarrassing bug in the equality operator of the > >> data_view class. The equality operator is actually never used in the > >> protozero code itself, but users of protozero might use it. This is a > >> serious bug that could lead to buffer overrun type problems. > >> " > >> > >> The issue was pointed out by the upstream author in: > >> > >> https://lists.debian.org/debian-gis/2017/07/msg00000.html > > > > Ah right, \0 characters are fun… > > > > This looks good to me, but we'll need to wait until 1.5.2-1 has reached > > testing before accepting this from stretch-new; either upload now, and > > ping when it's migrated; or upload when it's migrated, and ping us right > > afterwards. > Ping. protozero (1.5.2-1) migrated to testing today, and protozero > (1.5.1-1+deb9u1) was uploaded a few days ago. >
Flagged for acceptance, thanks for the ping. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
