David MENTRE wrote:
Hello,
Same issue as my previous emails. camlimage is modified in Ubuntu. I
think the security issue is fixed in latest Debian package.
(confirmation?) What about the coma added to Build: header?
https://patches.ubuntu.com/c/camlimages/camlimages_1:3.0.1-1ubuntu1.patch
diff -pruN 1:3.0.1-1/debian/changelog 1:3.0.1-1ubuntu1/debian/changelog
--- 1:3.0.1-1/debian/changelog 2009-07-07 18:20:29.000000000 +0100
+++ 1:3.0.1-1ubuntu1/debian/changelog 2009-07-07 18:17:32.000000000 +0100
@@ -1,3 +1,12 @@
+camlimages (1:3.0.1-1ubuntu1) karmic; urgency=low
+
+ * debian/patches/fix_integer_overflows.dpatch:
+ Add patch from ocamlimages 1:3.0.1-2 to fix CVE-2009-2295 as we don't want
+ to transition to OCaml 3.11.1 yet.
+ * debian/control: Add missing comma in Build-Depends (lp: #391546).
+
+ -- Michael Bienia <geser@xxxxxxxxxx> Tue, 07 Jul 2009 16:54:47 +0200
+
These changes are included in the latest Debian package (1:3.0.1-2). So,
IMO, you can just synchronize directly the package.
Cheers,
--
Mehdi Dogguy ÙÙØÙ ØÙØÚÙ
http://dogguy.org/
--
To UNSUBSCRIBE, email to debian-ocaml-maint-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
