Hi,
On Wed, Jan 10, 2018 at 04:39:05PM +0100, Rainer Müller wrote:
> > I think you’re referring to Repology:
> >
> > https://repology.org
> >
> > No CVE linkages that I can see there. That would be a valuable
> > resource though.
That's the one, thanks.
> I do not think Repology would offer
On 01/10/2018 04:00 PM, Craig Treleaven wrote:
>> On Jan 10, 2018, at 4:20 AM, Clemens Lang wrote:
>> That's correct. It would be nice if we had some tooling that could check
>> for CVEs we haven't fixed yet. If you would like to grab some of the
>> existing open source tooling
> On Jan 10, 2018, at 4:20 AM, Clemens Lang wrote:
>
> Hi Perry,
>
> - On 9 Jan, 2018, at 18:27, Perry E. Metzger pe...@piermont.com wrote:
>
>> I note the version of poppler we're shipping is pretty old, and that
>> there are CVEs outstanding against it.
>>
>> Am I
Hi Perry,
- On 9 Jan, 2018, at 18:27, Perry E. Metzger pe...@piermont.com wrote:
> I note the version of poppler we're shipping is pretty old, and that
> there are CVEs outstanding against it.
>
> Am I correct in assuming that as things stand, we mostly depend on
> port owners to track
On Jan 9, 2018, at 12:27 PM, Perry E. Metzger wrote:
> Am I correct in assuming that as things stand, we mostly depend on
> port owners to track security updates on behalf of the project and
> that there isn't a security officer or any such thing? (Not
> complaining, just
Howdy!
I note the version of poppler we're shipping is pretty old, and that
there are CVEs outstanding against it.
Am I correct in assuming that as things stand, we mostly depend on
port owners to track security updates on behalf of the project and
that there isn't a security officer or any such