Re: [Podofo-users] another bunch of crashes

Thu, 30 Mar 2017 04:29:19 -0700 

Is there any way to use SourceForge tickets just for security bugs?

It looks like some CVEs have been fixed, some CVE patches rejected, but there’s 
no way from the mailing list to tell which CVEs have been fixed because most of 
the mailing list and commit messages don’t reference the CVEs.

At the moment it’s hard even to contribute patches because there’s no way to 
tell which CVEs are fixed, which are being worked on, and which are still 
outstanding.

If SourceForge tickets don’t work is there another alternative , for example, 
an empty GitHub repo with an issue tracker?

Best Regards
Mark

Mark Rogers - mark.rog...@powermapper.com
PowerMapper Software Ltd - www.powermapper.com 
Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL 
 


On 19/03/2017, 18:51, "Mattia Rizzolo" <mat...@mapreri.org> wrote:

    On Mon, Mar 13, 2017 at 01:39:00PM +0100, Mattia Rizzolo wrote:
    > On Thu, Mar 02, 2017 at 05:31:34PM +0100, Agostino Sarubbo wrote:
    > > Please consider the following:
    > > 
    > > …
    > 
    > All of these now have CVEs associated.
    
    And apparently the Debian release team is considering these severe
    enough to warrant removing libpodofo from the next debian stable release
    rather then leaving them unfixed ().
    I severely lack time (and real proper knowledge) to start to help with
    these, but I'd appreciate if you could prioritize them.
    
    > I find the Debian view for security issues particularly nice to look at:
    > https://security-tracker.debian.org/tracker/source-package/libpodofo
    
    -- 
    regards,
                            Mattia Rizzolo
    
    GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
    more about me:  https://mapreri.org                             : :'  :
    Launchpad user: https://launchpad.net/~mapreri                  `. `'`
    Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
    

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users

Reply via email to