Bug#456148: Intend to NMU

Varun Hiremath varunhiremath at gmail.com
Sat Dec 22 19:07:45 UTC 2007


Hi Nico,

On Sat, 22 Dec, 2007 at 07:46:12PM +0100, Nico Golde wrote:
> Hi Varun,
> * Varun Hiremath <varunhiremath at iitm.ac.in> [2007-12-22 19:12]:
> > On Sat, 22 Dec, 2007 at 04:29:31PM +0100, Nico Golde wrote:
> > > Hi,
> > > attached is a patch for an NMU which fixes these issues.
> > > It will also be archived on:
> > > http://people.debian.org/~nion/nmu-diff/libjfreechart-java-1.0.8-1_1.0.8-1.1.patch
> > 
> > These two patches are included in the new upstream release 1.0.8a
> > which we already have ready for upload, but it introduces new bugs
> > [1].
> 
> Oh thanks, I missed this in the bug report.
> 
> > The bug [1] has been fixed in the jfreechart-1.0.x-branch but
> > that branch doesn't seem to include the security fixes, so we can't
> > update to that branch also. So, we thought of waiting for the new
> > 1.0.9 release which should happen any time next week.
> 
> Waiting for security releases is considered to be bad if you 
> can gather the information for fixing this issue.
> 
> > @ Michael, should we release 1.0.8a version?
> 
> No, please not if it breaks things.
> 
> Can you maybe ask upstream for the patch then?
> His changes to the branch are in revision 676 but he later 
> removed some of them in 683 so I am a bit confused about the
> status of this in the branch.

Exactly, even the upstream Changelog entries are totally confusing
and haven't mentioned anywhere clearly that it fixes the concerned
CVE. But still, I will try to ask him for a patch.

I am on vacation from the day after tomorrow, so Michael, could you please
take care of this bug?

Regards
Varun

-- 
Varun Hiremath
Undergraduate Student,
Aerospace Engineering Department,
Indian Institute of Technology Madras,
Chennai, India
---------------------------------------
Homepage : http://varun.travisbsd.org




