[Bug 1655252] Re: Sync libxi 2:1.7.8-2 (main) from Debian unstable (main)
Timo Aaltonen
tjaalton at ubuntu.com
Tue Jan 10 13:12:09 UTC 2017
This bug was fixed in the package libxi - 2:1.7.8-2
---------------
libxi (2:1.7.8-2) unstable; urgency=medium
* Cherry-pick upstream commit 557b6079, don't free an uninitialized
buffer. Closes: #849026.
-- Emilio Pozuelo Monfort <pochu at debian.org> Thu, 29 Dec 2016 11:22:29
+0100
libxi (2:1.7.8-1) unstable; urgency=medium
[ Andreas Boll ]
* New upstream release.
- Fixes CVE-2016-7945 and CVE-2016-7946 (Closes: #840440).
* Update d/upstream/signing-key.asc with Matthieu Herrb's key.
* Update a bunch of URLs in packaging to https.
* Bump Standards-Version to 3.9.8, no changes needed.
[ Emilio Pozuelo Monfort ]
* Acknowledge 2:1.7.6-1.1 NMU.
* Cherry-pick upstream commit 7ac03c6c to plug a memory leak in the
security fix.
* Cherry-pick upstream commit 4c5c8d62, check a buffer was allocated
before writing to it.
* Bump debhelper compat to 10.
+ debhelper now calls dh-autoreconf automatically.
+ debhelper now enables --parallel by default.
* Switch to -dbgsym packages.
* debhelper passes --disable-silent-rules to configure for us.
* Drop explicit build target. dh $@ can handle it.
-- Emilio Pozuelo Monfort <pochu at debian.org> Tue, 06 Dec 2016 00:50:24
+0100
libxi (2:1.7.6-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Mark libxi-dev as Multi-Arch: same. Closes: #689068.
* Explicitly specify documentation's anchor ids instead of generating
non-reproducible ones during the build (Francois Gouget).
-- Matthias Klose <doko at debian.org> Thu, 03 Nov 2016 14:52:54 +0100
** Changed in: libxi (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7945
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7946
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1655252
Title:
Sync libxi 2:1.7.8-2 (main) from Debian unstable (main)
Status in libxi package in Ubuntu:
Fix Released
Bug description:
Please sync libxi 2:1.7.8-2 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* Mark libxi-dev as Multi-Arch: same. Closes: #689068.
* Explicitly specify documentation's anchor ids instead of generating
non-reproducible ones during the build (Francois Gouget).
This delta was applied in a Debian NMU.
Changelog entries since current zesty version 2:1.7.6-1ubuntu1:
libxi (2:1.7.8-2) unstable; urgency=medium
* Cherry-pick upstream commit 557b6079, don't free an uninitialized
buffer. Closes: #849026.
-- Emilio Pozuelo Monfort <pochu at debian.org> Thu, 29 Dec 2016
11:22:29 +0100
libxi (2:1.7.8-1) unstable; urgency=medium
[ Andreas Boll ]
* New upstream release.
- Fixes CVE-2016-7945 and CVE-2016-7946 (Closes: #840440).
* Update d/upstream/signing-key.asc with Matthieu Herrb's key.
* Update a bunch of URLs in packaging to https.
* Bump Standards-Version to 3.9.8, no changes needed.
[ Emilio Pozuelo Monfort ]
* Acknowledge 2:1.7.6-1.1 NMU.
* Cherry-pick upstream commit 7ac03c6c to plug a memory leak in the
security fix.
* Cherry-pick upstream commit 4c5c8d62, check a buffer was allocated
before writing to it.
* Bump debhelper compat to 10.
+ debhelper now calls dh-autoreconf automatically.
+ debhelper now enables --parallel by default.
* Switch to -dbgsym packages.
* debhelper passes --disable-silent-rules to configure for us.
* Drop explicit build target. dh $@ can handle it.
-- Emilio Pozuelo Monfort <pochu at debian.org> Tue, 06 Dec 2016
00:50:24 +0100
libxi (2:1.7.6-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Mark libxi-dev as Multi-Arch: same. Closes: #689068.
* Explicitly specify documentation's anchor ids instead of generating
non-reproducible ones during the build (Francois Gouget).
-- Matthias Klose <doko at debian.org> Thu, 03 Nov 2016 14:52:54 +0100
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxi/+bug/1655252/+subscriptions
More information about the Ubuntu-sponsors
mailing list