Hi Julian - Thanks for the debdiffs! I've reviewed them and have compiled some feedback...
Debdiff review:
* New package versions are wrong. For example, the Oneiric version should be
'0.14.1-1ubuntu2'. Please see the version examples at:
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
* Being picky, if I reference the patch origin's URL in the patch tags, I
typically don't reference the URL in the changelog, too. This matches the
changelog template at the link above.
* As an FYI, when we receive a merge request for security sponsoring, we
generate a debdiff using the latest source package (possibly from the
-security or -updates pockets) and proceed to use the debdiff from there. So,
we generally prefer to get debdiffs from the start, but that isn't
documented. I wanted to mention it in case it is easier on you to provide a
debdiff.
Patch backport review:
* The backported CVE-2012-2085.patch in all three releases is missing the
gajim.thread_interface(p.wait) call in the else block of exec_command()
* The natty and lucid debdiffs seem to have a missing "jid_tuple = (jid_id,)"
in the else block of CVE-2012-2086.patch in chunk @ 654.
Additionally, please comment on the level of testing you've done with these patches applied. Thanks!