Re: Wheezy update of poco?

* Salvatore Bonaccorso [2018-01-10 22:19]: yes, if you fixed along as well CVE-2014-0350 but missed it in the initial passing to bin/gen-* then you can add the CVE manually to data/DLA/list to the respective entry (done so just a second ago). Thanks! And thanks a lot to

Re: Wheezy update of poco?

Hi Jochen, On Wed, Jan 10, 2018 at 05:29:37PM +0100, Jochen Sprickerhof wrote: > * Chris Lamb [2018-01-10 21:25]: > > Assuming you mean a DLA (!), yes please do so. If you are unsure of > > the process, I can go ahead and handle that and the changes to the > > security-tracker

Re: Wheezy update of poco?

* Chris Lamb [2018-01-10 21:25]: Assuming you mean a DLA (!), yes please do so. If you are unsure of the process, I can go ahead and handle that and the changes to the security-tracker - it can be a little fiddly. :) Done. You would also remove the entry in

Re: Wheezy update of poco?

Hi Jochen, > > You would also remove the entry in data/dla-needed.txt > > bin/gen-DLA did that already (I think). Yep, confirmed. Many thanks :) > The only missing thing from my side is CVE-2014-0350 where wheezy is > still listed as vulnerable on [..] (Takes a little while to update.)

Re: Wheezy update of poco?

Hi Jochen, > I uploaded a new version (including the fix for CVE-2014-0350) to wheezy > and it was accepted. Great; thanks for that! > - Should I send out the DSA already? Assuming you mean a DLA (!), yes please do so. If you are unsure of the process, I can go ahead and handle that and the

Re: Wheezy update of poco?

* Chris Lamb [2018-01-10 07:41]: How are you getting on, Jochen? Please let me know what you need from us. I uploaded a new version (including the fix for CVE-2014-0350) to wheezy and it was accepted. - Should I send out the DSA already? - Is it enough to add

Re: Wheezy update of poco?

Ben Hutchings wrote: > > I'm still unsure if adding isValidPath() is a ABI break > > Adding a non-virtual member function or static member variable > is not an ABI break. Thanks Ben. :) > > Will continue this evening. How are you getting on, Jochen? Please let me know what you need from us.

Re: Wheezy update of poco?

On Tue, 2018-01-09 at 09:44 +0100, Jochen Sprickerhof wrote: > Hi Chris, > > * Chris Lamb [2018-01-09 05:39]: > > Any update on this? :) > > I'm still unsure if adding isValidPath() is a ABI break: Adding a non-virtual member function or static member variable is not an ABI

Re: Wheezy update of poco?

Hi Chris, * Chris Lamb [2018-01-09 05:39]: Any update on this? :) I'm still unsure if adding isValidPath() is a ABI break: ++ static bool isValidPath(const std::string& path);

Re: Wheezy update of poco?

Hi Jochen. > > Yes, I will continue along the wiki guide tomorrow evening. > > Great stuff. Let me know if you hit any difficulties - I can probably > take your aforementioned linked patch as-is and run with that if that > helps. Any update on this? :) Regards, -- ,''`. : :' :

Re: Wheezy update of poco?

Hi Jochen, > https://anonscm.debian.org/cgit/collab-maint/poco.git/log/?h=wheezy/CVE-2017-1000472 LGTM. > Yes, I will continue along the wiki guide tomorrow evening. Great stuff. Let me know if you hit any difficulties - I can probably take your aforementioned linked patch as-is and run with

Re: Wheezy update of poco?

Hi Chris, * Chris Lamb [2018-01-06 09:30]: The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of poco: https://security-tracker.debian.org/tracker/source-package/poco I've pushed a backported and tested version of the

Wheezy update of poco?

Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of poco: https://security-tracker.debian.org/tracker/source-package/poco Would you like to take care of this yourself? If yes, please follow the workflow we have defined