pkg-perl-maintainers team mailing list archive
-
pkg-perl-maintainers team
-
Mailing list archive
-
Message #04193
[Bug 1925985] Re: CVE-2021-22204
Thanks Alex, Paulo and Gregor. Great to have this released!
And thanks for the learning opportunity. As in, my help probably didn't
actually save you any time in the short run, because the only thing I
effectively did was change the changelog of the upstream patch, and you
had to redo that anyway because I wasn't experienced enough. But next
time I'd know how to proceed.
About the versioning, I wasn't really sure, because
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging says
0.1, but I did not recall ever seeing such a package version, and dch
automatically put 1 there. In retrospect I had all the information to
conclude it should have been 0.1 though.
Because I must say that the documentation is very well done. It was way
easier to figure everything out than expected. (I had never used dch,
debuild or debdiff before.) The full documentation is enormous, and the
SecurityTeam wiki pages distill it to the essential which is much
appreciated.
The links to 'debdiff' are broken though, and I do not know where to
report those, so I'll add them here: both
https://wiki.ubuntu.com/SponsorshipProcess and
https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue link to
https://packaging.ubuntu.com/html/traditional-
packaging.html#creating-a-debdiff , which does not exist.
--
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libimage-exiftool-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1925985
Title:
CVE-2021-22204
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions
References