On Sat, Aug 25, 2018 at 12:20:59AM +0200, Matthew Brincke wrote:
> the CVE entries referenced below are now fixed in svn r1937.
> These are CVE-2017-738[1-3].
> URL: https://sourceforge.net/p/podofo/code/1937/

Mh, what about CVE-2017-7380?

To be clear, do you agree that these diffs:
 - https://sourceforge.net/p/podofo/code/1933 -> CVE-2017-7381
 - https://sourceforge.net/p/podofo/code/1936 -> CVE-2017-7382
 - https://sourceforge.net/p/podofo/code/1937 -> CVE-2017-7383
are enough to cover the referenced CVEs by themselves (it surely looks
so to me reading the description and the diff)?

> This means also: the Debian security tracker should be updated
> (the "fixed versions" there didn't fix it AFAIK).

:(

BTW, if you wish you could directly provide me diffs against
https://salsa.debian.org/security-tracker-team/security-tracker.git
(file data/CVE/list), just beware that it is a very weird git repository,
it's going to melt your CPU.  That would potentially save round-trips
and misunderstandings :)

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
