On Mon, May 08, 2017 at 07:27:34PM +0200, zyx wrote: > I looked on other bunch of the CVEs and here's the result:
I've uploaded to Debian unstable most of the patches. To my count, this leaves out: https://security-tracker.debian.org/tracker/CVE-2017-8787 https://security-tracker.debian.org/tracker/CVE-2017-8378 https://security-tracker.debian.org/tracker/CVE-2017-8054 Also, the following are claimed by you to be unreproducible in current trunk, it would be very cool if somebody could identify the fixing commits: https://security-tracker.debian.org/tracker/CVE-2017-8053 https://security-tracker.debian.org/tracker/CVE-2017-6849 https://security-tracker.debian.org/tracker/CVE-2017-6846 https://security-tracker.debian.org/tracker/CVE-2017-6845 https://security-tracker.debian.org/tracker/CVE-2017-6841 Just for the record, I didn't upload the patches for the following because the first one breaks the ABI and I'm not happy to do it (two choices here: either break it as it's a private method anyway, or provide a wrapper), and the other is quite invasive and didn't have the chance to sit long enough with it. https://security-tracker.debian.org/tracker/CVE-2017-5852 https://security-tracker.debian.org/tracker/CVE-2017-7994 I got rid of that TEMP-… issue, as Mitre claimed it's not CVE-worthy, and you said it's fixed in trunk either way. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users
