Control: tags -1 moreinfo

On Thu, 12. Feb 23:13 Moritz Muehlenhoff <j...@debian.org> wrote:
> Package: byzanz
> Severity: important
> Tags: security
>
> Hi,
> this was reported by Red Hat:
> https://bugzilla.redhat.com/show_bug.cgi?id=852481
>
> I'm afraid there are no further details, but maybe you can
> get in touch with upstream; I suppose Red Hat had contacted
> them and it might already be fixed by now?

Hi Moritz,

I have been trying to find out more about this security issue but so far
without having any luck. Apparently the bug was reported 2,5 years ago
but there are no hints in Red Hat's bug tracker which could help us or
would at least point us to the affected code in question. Why
did they escalate this to seclists.org just now?

http://seclists.org/oss-sec/2015/q1/447

I checked upstream's git repository but I could not find any commits
related to some kind of security issue with the GIF encoder or the
playback tool.

https://git.gnome.org/browse/byzanz/

However, I know for sure that if upstream released a fix, it would be
included in Debian. The package is up to date and only some minor language
updates from November 2014 are currently missing.

I couldn't find anything useful at Fedora either.

http://pkgs.fedoraproject.org/cgit/byzanz.git/

I will keep an eye on this Red Hat bug report but at the moment I just
do not have enough information to work on something.

Regards,

Markus
