On Tue, 22 Nov 2016 09:00:56 -0500 Ross Vandegrift <r...@kallisti.us> said:

> On Wed, Nov 09, 2016 at 11:17:55PM +0100, Boris Faure wrote:
> > > > https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
> > > >> src/bin/termptyesc.c
> > > 
> > > Use CVE-2015-8971.
> > 
> >   For those who wonder, this issue has been fixed in Terminology 0.9.0
> > (and 0.9.1).  I do hope this will speed up the process to update
> > Terminology in Debian.
> 
> terminology 0.9.1 seems to have some regressions when used with EFL 1.8
> (new tab segfaults, resizing occasionally freezes).  So for now, sid will
> get 0.7.0-2 with just the backported fix that's already in
> jessie-updates.
> 
> Ross

if you don't upgrade efl, i guarantee you have security exploit possibilities
in various image loaders in efl. so if you care about security you won't do
this "let's backport just to fix this cve" and actually upgrade. :) i know i've
received mails regarding crashes thanks to fuzzing tests - they have no cve,
but they could become one easily enough if someone bothered. i fixed those
crashes long ago but long after 1.8.

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    ras...@rasterman.com


------------------------------------------------------------------------------
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
