Hi Felix, On Fri, Apr 06, 2018 at 09:40:40PM +0200, Felix Natter wrote: > hello Security Team, > > here are the CVE-2018-1000069 security updates for jessie and stretch: > > [jessie] > https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=jessie-CVE-2018-1000069 > (jessie-CVE-2018-1000069 branch) > > [stretch] > https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=stretch-CVE-2018-1000069 > (stretch-CVE-2018-1000069 branch) > > Both are tested: > - builds > - activation log message is seen > - Save and Load XML works > > In what format would you like the "tested packages"? *.deb? > > Here is the corrsponding upstream commit: > https://github.com/freeplane/freeplane/commit/a5dce7f9f > > The debdiffs are attached.
Thanks, I will try to review and ack those over this weekend. Thanks a lot for your both work. Reegarding the question: Regarding: > In what format would you like the "tested packages"? *.deb? That's not needed. We just have the requirement that the debdiff should be the resulting one from the packages in the archive against the built and tested packages, the later for obvious reason that we want some assurance the packages have been tested to work. The debdiff requirement (rather than only VCS commits) is to avoid surprises on the actual result which will be uploaded to the archive rather than just a series of commit in the packaging repos to be reviewed. Regards, Salvatore
