Re: poppler, security updates in general...

Hi, On Wed, Jan 10, 2018 at 04:39:05PM +0100, Rainer Müller wrote: > > I think you’re referring to Repology: > > > > https://repology.org > > > > No CVE linkages that I can see there. That would be a valuable > > resource though. That's the one, thanks. > I do not think Repology would offer

Re: poppler, security updates in general...

On 01/10/2018 04:00 PM, Craig Treleaven wrote: >> On Jan 10, 2018, at 4:20 AM, Clemens Lang wrote: >> That's correct. It would be nice if we had some tooling that could check >> for CVEs we haven't fixed yet. If you would like to grab some of the >> existing open source tooling

Re: poppler, security updates in general...

> On Jan 10, 2018, at 4:20 AM, Clemens Lang wrote: > > Hi Perry, > > - On 9 Jan, 2018, at 18:27, Perry E. Metzger pe...@piermont.com wrote: > >> I note the version of poppler we're shipping is pretty old, and that >> there are CVEs outstanding against it. >> >> Am I

Re: poppler, security updates in general...

Hi Perry, - On 9 Jan, 2018, at 18:27, Perry E. Metzger pe...@piermont.com wrote: > I note the version of poppler we're shipping is pretty old, and that > there are CVEs outstanding against it. > > Am I correct in assuming that as things stand, we mostly depend on > port owners to track

Re: poppler, security updates in general...

On Jan 9, 2018, at 12:27 PM, Perry E. Metzger wrote: > Am I correct in assuming that as things stand, we mostly depend on > port owners to track security updates on behalf of the project and > that there isn't a security officer or any such thing? (Not > complaining, just

poppler, security updates in general...

Howdy! I note the version of poppler we're shipping is pretty old, and that there are CVEs outstanding against it. Am I correct in assuming that as things stand, we mostly depend on port owners to track security updates on behalf of the project and that there isn't a security officer or any such