On Thu, Dec 07, 2017 at 09:57:46AM -0500, Peter Linnell wrote: > As I maintain Podofo for openSUSE, there are now a fair amount of CVE's > against Podofo with fixes in trunk. I'm wondering if we could get a > release out in the next few weeks ?
OTOH there are still some CVEs that TTBOMK are still unfixed: https://security-tracker.debian.org/tracker/CVE-2017-6845 https://security-tracker.debian.org/tracker/CVE-2017-6846 https://security-tracker.debian.org/tracker/CVE-2017-6849 https://security-tracker.debian.org/tracker/CVE-2017-8053 https://security-tracker.debian.org/tracker/CVE-2017-8054 Plus this one without CVE that was reported in this ML: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/ But yes, a release with the already fixed ones would be nice I agree :) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users
