On Fri, Apr 13, 2018 at 08:03:31AM -0500, Dirk Eddelbuettel wrote: > > On 13 April 2018 at 14:43, Moritz Muehlenhoff wrote: > | On Fri, Apr 13, 2018 at 07:38:51AM -0500, Dirk Eddelbuettel wrote: > | > > | > On 13 April 2018 at 11:51, Moritz Mühlenhoff wrote: > | > | On Thu, Apr 12, 2018 at 05:14:18PM -0500, Dirk Eddelbuettel wrote: > | > | > > | > | > Further update. I took some files from the new (in-progress, > unfinished it > | > | > seems) upstream of libxls at https://github.com/evanmiller/libxls/, > and got > | > | > some advice from the libxls maintainer. > | > | > > | > | > He also put new issue tickets up, one per CVE: > | > | > https://github.com/evanmiller/libxls/issues > | > | > > | > | > And that builds. It does not pass all unit tests (R / CRAN packages > tend to > | > | > have lots of those) but 'almost': 4 fail, 348 pass. > | > | > > | > | > We could release this, methinks. What is your recommendation (and it > has > | > | > been years since I last had to do a security release so help is as > always > | > | > appreciated). > | > | > | > | Do all of these patches/vulnerabilities apply to the version in stable? > | > > | > I took a first look. It might just be doable. > | > > | > | Then I'd say let's fix this via security.debian.org, see > | > | > https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security-building > | > | for some references. > | > > | > Where would I get chroot for stable? > | > | There's multiple options, but e.g. with pbuilder you can simply create one > using: > | > | sudo pbuilder create --distribution stretch > > Yes, sure, I just read the link you pointed to as implying there were > ready-made-ones just an ssh away as we do (did?) for the porter machines.
Ah, ok. That doesn't exist, no. Cheers, Moritz