Bug#966028: marked as done (buster-pu: package librsvg/2.44.10-2.1+deb10u1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#966028: marked as done (buster-pu: package librsvg/2.44.10-2.1+deb10u1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 10 Sep 2022 12:47:36 +0000
Message-id: <[🔎] handler.966028.D966028.166281376120587.ackdone@bugs.debian.org>
Reply-to: 966028@bugs.debian.org
References: <2cfc9645343bdb910fe19c07bddfec2c428346a3.camel@adam-barratt.org.uk> <159541674186.31214.16399043785170212673.reportbug@andromeda>

Your message dated Sat, 10 Sep 2022 13:40:55 +0100
with message-id <2cfc9645343bdb910fe19c07bddfec2c428346a3.camel@adam-barratt.org.uk>
and subject line Closing requests for updates included in 10.13
has caused the Debian Bug report #966028,
regarding buster-pu: package librsvg/2.44.10-2.1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
966028: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966028
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: buster-pu: package librsvg/2.44.10-2.1+deb10u1
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Wed, 22 Jul 2020 13:19:01 +0200
Message-id: <159541674186.31214.16399043785170212673.reportbug@andromeda>

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

This update fixes CVE-2019-20446, which the Security Team marked as
no-dsa. I considered updating to 2.44.16, which has a sensible set
of changes to the librsvg code. Unfortunately the newer tarball also
updates all of the vendored rust modules (which we do use, see #907629)
and although I have been using that newer version in buster for over
a week, I don't really feel confortable with that change (and I don't
think you'd have approved it either).

So I have gone with the minimal backport to 2.44.10 instead (which I've
also tested) and it's already uploaded. debdiff attached.

Let me know if there are any problems.

Thanks,
Emilio

--- End Message ---

--- Begin Message ---

To: 941901-done@bugs.debian.org, 945578-done@bugs.debian.org, 960396-done@bugs.debian.org, 966028-done@bugs.debian.org, 983841-done@bugs.debian.org, 987538-done@bugs.debian.org, 987941-done@bugs.debian.org, 990372-done@bugs.debian.org, 990739-done@bugs.debian.org, 991120-done@bugs.debian.org, 998390-done@bugs.debian.org, 1003293-done@bugs.debian.org, 1006182-done@bugs.debian.org, 1008056-done@bugs.debian.org, 1008062-done@bugs.debian.org, 1008154-done@bugs.debian.org, 1008163-done@bugs.debian.org, 1008578-done@bugs.debian.org, 1009065-done@bugs.debian.org, 1009076-done@bugs.debian.org, 1009251-done@bugs.debian.org, 1009652-done@bugs.debian.org, 1010060-done@bugs.debian.org, 1010193-done@bugs.debian.org, 1010305-done@bugs.debian.org, 1010380-done@bugs.debian.org, 1010388-done@bugs.debian.org, 1010615-done@bugs.debian.org, 1010858-done@bugs.debian.org, 1011030-done@bugs.debian.org, 1011272-done@bugs.debian.org, 1011286-done@bugs.debian.org, 1011360-done@bugs.debian.org, 1011745-done@bugs.debian.org, 1011943-done@bugs.debian.org, 1012048-done@bugs.debian.org, 1012066-done@bugs.debian.org, 1013347-done@bugs.debian.org, 1014145-done@bugs.debian.org, 1014200-done@bugs.debian.org, 1014346-done@bugs.debian.org, 1014860-done@bugs.debian.org, 1014907-done@bugs.debian.org, 1014909-done@bugs.debian.org, 1014912-done@bugs.debian.org, 1015243-done@bugs.debian.org, 1016169-done@bugs.debian.org, 1016176-done@bugs.debian.org, 1016198-done@bugs.debian.org, 1016439-done@bugs.debian.org, 1016671-done@bugs.debian.org, 1016733-done@bugs.debian.org, 1017112-done@bugs.debian.org, 1017393-done@bugs.debian.org, 1017998-done@bugs.debian.org, 1018048-done@bugs.debian.org, 1018080-done@bugs.debian.org, 1018086-done@bugs.debian.org, 1018092-done@bugs.debian.org, 1018095-done@bugs.debian.org, 1018096-done@bugs.debian.org, 1018097-done@bugs.debian.org, 1018101-done@bugs.debian.org, 1018107-done@bugs.debian.org, 1018108-done@bugs.debian.org, 1018151-done@bugs.debian.org, 1018152-done@bugs.debian.org, 1018178-done@bugs.debian.org, 1018179-done@bugs.debian.org, 1018182-done@bugs.debian.org, 1018184-done@bugs.debian.org, 1018185-done@bugs.debian.org, 1018199-done@bugs.debian.org, 1018241-done@bugs.debian.org, 1018244-done@bugs.debian.org, 1018246-done@bugs.debian.org, 1018250-done@bugs.debian.org

Subject: Closing requests for updates included in 10.13

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 10 Sep 2022 13:40:55 +0100

Message-id: <2cfc9645343bdb910fe19c07bddfec2c428346a3.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 10.13

Hi,

Each of the updates referenced in these bugs was included in today's
10.13 point release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#945578: marked as done (buster-pu: package libapache2-mod-auth-openidc/2.3.10.2-1)
Next by Date: Bug#987941: marked as done (buster-pu: package pacemaker/2.0.1-5+deb10u2)
Previous by thread: Bug#945578: marked as done (buster-pu: package libapache2-mod-auth-openidc/2.3.10.2-1)
Next by thread: Bug#987941: marked as done (buster-pu: package pacemaker/2.0.1-5+deb10u2)
Index(es):
- Date
- Thread