Bug#456148: Intend to NMU

Michael Koch konqueror at gmx.de
Thu Dec 27 12:55:41 UTC 2007


On Sun, Dec 23, 2007 at 12:37:45AM +0530, Varun Hiremath wrote:
> Hi Nico,
> 
> On Sat, 22 Dec, 2007 at 07:46:12PM +0100, Nico Golde wrote:
> > Hi Varun,
> > * Varun Hiremath <varunhiremath at iitm.ac.in> [2007-12-22 19:12]:
> > > On Sat, 22 Dec, 2007 at 04:29:31PM +0100, Nico Golde wrote:
> > > > Hi,
> > > > attached is a patch for an NMU which fixes these issues.
> > > > It will also be archived on:
> > > > http://people.debian.org/~nion/nmu-diff/libjfreechart-java-1.0.8-1_1.0.8-1.1.patch
> > > 
> > > These two patches are included in the new upstream release 1.0.8a
> > > which we already have ready for upload, but it introduces new bugs
> > > [1].
> > 
> > Oh thanks I missed this in the bug report.
> > 
> > > The bug [1] has been fixed in the jfreechart-1.0.x-branch but
> > > that branch doesn't seem to include the security fixes, so we can't
> > > update to that branch also. So, we thought of waiting for the new
> > > 1.0.9 release which should happen any time next week.
> > 
> > Waiting for security releases is considered to be bad if you 
> > can gather the information for fixing this issue.
> > 
> > > @ Michael, should we release 1.0.8a version?
> > 
> > No please not if it breaks things.
> > 
> > Can you maybe ask upstream for the patch then?
> > His changes to the branch are in revision 676 but he later 
> > removed some of them in 683 so I am a bit confused about the 
> > status of this in the branch.
> 
> Exactly, even the upstream Changelog entries are totally confusing
> and haven't mentioned anywhere clearly that it fixes the concerned
> CVE. But, still I will try to ask him for a patch. 
> 
> I am on vacation from the day after tomorrow, so Michael, could you please
> take care of this bug?

I will take care of this. I'm in private contact with the upstream
author.


Cheers,
Michael