On Sat, Apr 26, 2025 at 01:25:52PM +0300, Peter Pentchev wrote:
> On Sat, Apr 26, 2025 at 11:36:46AM +0200, Salvatore Bonaccorso wrote:
> > Hi Peter,
> >
> > On Sat, Apr 26, 2025 at 09:20:46AM +0000, Debian FTP Masters wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA512
> > >
> > > Format: 1.8
> > > Date: Sat, 26 Apr 2025 11:34:57 +0300
> > > Source: libarchive
> > > Architecture: source
> > > Version: 3.7.4-2
> > > Distribution: unstable
> > > Urgency: high
> > > Maintainer: Peter Pentchev <r...@debian.org>
> > > Changed-By: Peter Pentchev <r...@debian.org>
> > > Closes: 1103494
> > > Changes:
> > >  libarchive (3.7.4-2) unstable; urgency=high
> > >  .
> > >    * Acknowledge NMU; thanks, Salvatore!
> > >    * Point to the debian/trixie branch in the gbp.conf file since
> > >      the master branch in the repository already contains changes that
> > >      did not make it in time for the Trixie freeze.
> > >    * Add the CVE-2025-1632 patch. Closes: #1103494
> > >    * Add the year 2025 to my debian/* copyright notice.
> >
> > Was there a reason not to pick the upstream committed
> > https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a
> > ?
>
> That was actually a very good question. The only reason I can give you
> is that I had a bit of a neuron misfire and made a silly mistake -
> I had two versions of the patch ready for testing and somehow I forgot
> which one was which, and I kept forgetting even after adding it to
> my copy of the package.
>
> So, yeah... Later today or tomorrow I will upload a new version of
> libarchive with the upstream patch instead of this one,
>
> Thanks a lot for catching this, I really have no idea how it happened.

Right, so I uploaded libarchive/3.7.4-3 and, um, Salvatore, I'm sorry
that even though it is kinda sorta in the name of the new patch,
again I forgot to mention CVE-2025-25724 by name in the changelog entry :/

Thanks again for spotting this and pointing it out!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org pe...@morpheusly.com
PGP key:        https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13