[Pkg-phototools-devel] Bug#876535: openjpeg2: Incoorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

Salvatore Bonaccorso carnil at debian.org
Sat Sep 23 11:59:32 UTC 2017 

Source: openjpeg2
Version: 2.2.0-1
Severity: normal

Hi Mathieu,

There was an update for openjpeg2 not incoorporating the NMU changelog
for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating
those again (and double check no change was lost, I guess not that all
should in meanwhile be included in 2.2.0, but for #851422 I'm unsure
if it was fully covered, see the respective upstream issues which only
partially landed in 2.2.0).

Specifically there were some CVEs addressed, which are hopefully still
be fixed in 2.2.0-1, the FTBFS defintively seems so.

----cut---------cut---------cut---------cut---------cut---------cut-----
diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog
--- openjpeg2-2.1.2/debian/changelog    2017-08-12 15:54:38.000000000 +0200
+++ openjpeg2-2.2.0/debian/changelog    2017-09-22 21:51:36.000000000 +0200
@@ -1,26 +1,13 @@
-openjpeg2 (2.1.2-1.3) unstable; urgency=medium
+openjpeg2 (2.2.0-1) unstable; urgency=medium

-  * Fix FTFBS (Closes: #871905)
+  * New upstream release. Closes: #872041
+  * Fix CVE-2016-9113. Closes: #844552
+  * Fix CVE-2016-9114. Closes: #844553
+  * Fix CVE-2016-9115. Closes: #844554
+  * Fix CVE-2016-9116. Closes: #844555
+  * Fix CVE-2016-9117. Closes: #844556

- -- Moritz Muehlenhoff <jmm at debian.org>  Sat, 12 Aug 2017 15:54:38 +0200
-
-openjpeg2 (2.1.2-1.2) unstable; urgency=medium
-
-  * Non-maintainer upload
-  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
-    CVE-2016-9118.patch
-
- -- Moritz Muehlenhoff <jmm at debian.org>  Fri, 11 Aug 2017 22:17:07 +0200
-
-openjpeg2 (2.1.2-1.1) unstable; urgency=medium
-
-  * Non-maintainer upload.
-  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
-    CVE-2016-9572: NULL pointer dereference in input decoding
-    CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
-    imagetopnm(). (Closes: #851422)
-
- -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 22 Jan 2017 14:18:13 +0100
+ -- Mathieu Malaterre <malat at debian.org>  Fri, 22 Sep 2017 21:51:36 +0200

 openjpeg2 (2.1.2-1) unstable; urgency=medium
----cut---------cut---------cut---------cut---------cut---------cut-----

Thanks for your time, double-checking and working on openjpeg2!

Regards,
Salvatore

More information about the Pkg-phototools-devel mailing list