On Fri, Apr 13, 2018 at 07:38:51AM -0500, Dirk Eddelbuettel wrote:
> 
> On 13 April 2018 at 11:51, Moritz Mühlenhoff wrote:
> | On Thu, Apr 12, 2018 at 05:14:18PM -0500, Dirk Eddelbuettel wrote:
> | > 
> | > Further update. I took some files from the new (in-progress, unfinished it
> | > seems) upstream of libxls at https://github.com/evanmiller/libxls/, and 
> got
> | > some advice from the libxls maintainer.
> | > 
> | > He also put new issue tickets up, one per CVE:
> | > https://github.com/evanmiller/libxls/issues
> | > 
> | > And that builds.  It does not pass all unit tests (R / CRAN packages tend 
> to
> | > have lots of those) but 'almost': 4 fail, 348 pass.
> | > 
> | > We could release this, methinks.  What is your recommendation (and it has
> | > been years since I last had to do a security release so help is as always
> | > appreciated).
> | 
> | Do all of these patches/vulnerabilities apply to the version in stable?
> 
> I took a first look. It might just be doable.
> 
> | Then I'd say let's fix this via security.debian.org, see
> | 
> https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security-building
> | for some references.
> 
> Where would I get chroot for stable?

There's multiple options, but e.g. with pbuilder you can simply create one 
using:

sudo pbuilder create --distribution stretch 

Cheers,
        Moritz

Reply via email to