[Bug 1754390] Re: cfitsio vulnerability (fixed in 3.43)
I would strongly recommend updating to CFITSIO 3.44 which patched a several more issues. Though 3.45 which should be released in the next two weeks will also contain an annoying bug fix. https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes.txt Log of Changes Made to CFITSIO Version 3.44 - April 2018 - This release primarily patches security vulnerabilities. We strongly encourage this upgrade, particularly for those running CFITSIO in web accessible applications. . . . -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754390 Title: cfitsio vulnerability (fixed in 3.43) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfitsio/+bug/1754390/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754390] Re: cfitsio vulnerability (fixed in 3.43)
Thanks Achim, the sync has been requested; it's after feature freeze date, so the release team may decide to hold it up, but the upstream changelog looked encouragingly like bugfixes-only to me: https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes2.txt Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754390 Title: cfitsio vulnerability (fixed in 3.43) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfitsio/+bug/1754390/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754390] Re: cfitsio vulnerability (fixed in 3.43)
Debian sid contains the fixed cfitsio version, can someone trigger a sync to bionic? The correspondign debian bug is closed, but nevertheless even after the sync to bionic there are missing backport (in debian & ubuntu): artful xenial trusty ** Changed in: cfitsio (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754390 Title: cfitsio vulnerability (fixed in 3.43) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfitsio/+bug/1754390/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754390] Re: cfitsio vulnerability (fixed in 3.43)
** Changed in: cfitsio (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754390 Title: cfitsio vulnerability (fixed in 3.43) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfitsio/+bug/1754390/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754390] Re: cfitsio vulnerability (fixed in 3.43)
** Changed in: cfitsio (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754390 Title: cfitsio vulnerability (fixed in 3.43) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfitsio/+bug/1754390/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754390] Re: cfitsio vulnerability (fixed in 3.43)
** Bug watch added: Debian Bug tracker #892458 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 ** Also affects: cfitsio (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754390 Title: cfitsio vulnerability (fixed in 3.43) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfitsio/+bug/1754390/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754390] Re: cfitsio vulnerability (fixed in 3.43)
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: cfitsio (Ubuntu) Status: New => Incomplete ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754390 Title: cfitsio vulnerability (fixed in 3.43) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfitsio/+bug/1754390/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs