Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-25 Thread Salvatore Bonaccorso
Hi Markus, On Thu, Feb 25, 2021 at 09:11:47AM +0100, Markus Koschany wrote: > Hello security team, hello Hugo, I hope you are doing well! > > I have just uploaded an NMU for xcftools fixing CVE-2019-5086 and > CVE-2019-5087. > The new patch also addresses the 32-bit portability issues. The

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-25 Thread Markus Koschany
Hello security team, hello Hugo, I hope you are doing well! I have just uploaded an NMU for xcftools fixing CVE-2019-5086 and CVE-2019-5087. The new patch also addresses the 32-bit portability issues. The basic idea behind it is to limit possible values of width and height (which can only be

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-17 Thread Moritz Muehlenhoff
On Wed, Feb 17, 2021 at 08:31:22AM +0100, Hugo Lefeuvre wrote: > Do you know if xcftools is only used as a build dependency, or is > it used by some end users directly? The popcon is not that low > and my fear is that, even after removing it from Debian, users > would continue to use it,

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-16 Thread Hugo Lefeuvre
Hi Salvatore and Markus, On Thu, Feb 11, 2021 at 06:32:42AM +0100, Salvatore Bonaccorso wrote: [...] > On Thu, Feb 11, 2021 at 03:03:19AM +0100, Markus Koschany wrote: > [...] > > On Wednesday, 10.02.2021 at 22:03 +0100, Salvatore Bonaccorso wrote: > > [...] > > > > > > I'm not fully in favor

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-10 Thread Salvatore Bonaccorso
Hi Markus, On Thu, Feb 11, 2021 at 03:03:19AM +0100, Markus Koschany wrote: > Hi Salvatore, > > On Wednesday, 10.02.2021 at 22:03 +0100, Salvatore Bonaccorso wrote: > [...] > > > > I'm not fully in favor to have all the (build-)rdeps forced out of > > Debian, that would likely not be a

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-10 Thread Markus Koschany
Hi Salvatore, On Wednesday, 10.02.2021 at 22:03 +0100, Salvatore Bonaccorso wrote: [...] > > I'm not fully in favor to have all the (build-)rdeps forced out of > Debian, that would likely not be a benefit as seems unfair to the > castle-game-engine, game-data-packager and neurodebian packages,

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-10 Thread Salvatore Bonaccorso
Hi Markus, On Wed, Feb 10, 2021 at 03:17:57PM +0100, Markus Koschany wrote: > Hello Salvatore, > > On Wednesday, 10.02.2021 at 06:30 +0100, Salvatore Bonaccorso wrote: > [...] > > Question back on this. > > > > Is it confirmed that it fixes both CVE-2019-5086 (TALOS-2019-0878, > >

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-10 Thread Markus Koschany
Hello Salvatore, On Wednesday, 10.02.2021 at 06:30 +0100, Salvatore Bonaccorso wrote: [...] > Question back on this. > > Is it confirmed that it fixes both CVE-2019-5086 (TALOS-2019-0878, > https://github.com/j-jorge/xcftools/issues/12) and CVE-2019-5087 > (TALOS-2019-0879,

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-09 Thread Salvatore Bonaccorso
Hi Markus, On Wed, Feb 10, 2021 at 12:27:38AM +0100, Markus Koschany wrote: > Control: tags -1 patch pending > > Dear maintainer, > > I've prepared an NMU for xcftools versioned as 1.0.7-6.1 and > uploaded it to DELAYED/5. Please feel free to tell me if I > should delay it longer. > > Regards,

Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087

2021-02-09 Thread Markus Koschany
Control: tags -1 patch pending Dear maintainer, I've prepared an NMU for xcftools versioned as 1.0.7-6.1 and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards, Markus diff -Nru xcftools-1.0.7/debian/changelog xcftools-1.0.7/debian/changelog ---