* Salvatore Bonaccorso [2018-01-10 22:19]:
yes, if you fixed along as well CVE-2014-0350 but missed it in the
initial passing to bin/gen-* then you can add the CVE manually to
data/DLA/list to the respective entry (done so just a second ago).
Thanks!
And thanks a lot to
Hi Jochen,
On Wed, Jan 10, 2018 at 05:29:37PM +0100, Jochen Sprickerhof wrote:
> * Chris Lamb [2018-01-10 21:25]:
> > Assuming you mean a DLA (!), yes please do so. If you are unsure of
> > the process, I can go ahead and handle that and the changes to the
> > security-tracker
* Chris Lamb [2018-01-10 21:25]:
Assuming you mean a DLA (!), yes please do so. If you are unsure of
the process, I can go ahead and handle that and the changes to the
security-tracker - it can be a little fiddly. :)
Done.
You would also remove the entry in
Hi Jochen,
> > You would also remove the entry in data/dla-needed.txt
>
> bin/gen-DLA did that already (I think).
Yep, confirmed. Many thanks :)
> The only missing thing from my side is CVE-2014-0350 where wheezy is
> still listed as vulnerable on [..]
(Takes a little while to update.)
Hi Jochen,
> I uploaded a new version (including the fix for CVE-2014-0350) to wheezy
> and it was accepted.
Great; thanks for that!
> - Should I send out the DSA already?
Assuming you mean a DLA (!), yes please do so. If you are unsure of
the process, I can go ahead and handle that and the
* Chris Lamb [2018-01-10 07:41]:
How are you getting on, Jochen? Please let me know what you need
from us.
I uploaded a new version (including the fix for CVE-2014-0350) to wheezy
and it was accepted.
- Should I send out the DSA already?
- Is it enough to add
Ben Hutchings wrote:
> > I'm still unsure if adding isValidPath() is a ABI break
>
> Adding a non-virtual member function or static member variable
> is not an ABI break.
Thanks Ben. :)
> > Will continue this evening.
How are you getting on, Jochen? Please let me know what you need
from us.
On Tue, 2018-01-09 at 09:44 +0100, Jochen Sprickerhof wrote:
> Hi Chris,
>
> * Chris Lamb [2018-01-09 05:39]:
> > Any update on this? :)
>
> I'm still unsure if adding isValidPath() is a ABI break:
Adding a non-virtual member function or static member variable is not
an ABI
Hi Chris,
* Chris Lamb [2018-01-09 05:39]:
Any update on this? :)
I'm still unsure if adding isValidPath() is a ABI break:
++ static bool isValidPath(const std::string& path);
Hi Jochen.
> > Yes, I will continue along the wiki guide tomorrow evening.
>
> Great stuff. Let me know if you hit any difficulties - I can probably
> take your aforementioned linked patch as-is and run with that if that
> helps.
Any update on this? :)
Regards,
--
,''`.
: :' :
Hi Jochen,
> https://anonscm.debian.org/cgit/collab-maint/poco.git/log/?h=wheezy/CVE-2017-1000472
LGTM.
> Yes, I will continue along the wiki guide tomorrow evening.
Great stuff. Let me know if you hit any difficulties - I can probably
take your aforementioned linked patch as-is and run with
Hi Chris,
* Chris Lamb [2018-01-06 09:30]:
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of poco:
https://security-tracker.debian.org/tracker/source-package/poco
I've pushed a backported and tested version of the
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of poco:
https://security-tracker.debian.org/tracker/source-package/poco
Would you like to take care of this yourself?
If yes, please follow the workflow we have defined
13 matches
Mail list logo