On Fri, Feb 13, 2015 at 12:28:28AM +0100, Markus Koschany wrote:
> Control: tags -1 moreinfo
>
> On Thu, 12. Feb 23:13 Moritz Muehlenhoff <[email protected]> wrote:
> > Package: byzanz
> > Severity: important
> > Tags: security
> >
> > Hi,
> > this was reported by Red Hat:
> > https://bugzilla.redhat.com/show_bug.cgi?id=852481
> >
> > I'm afraid there are no further details, but maybe you can
> > get in touch with upstream; I suppose Red Hat had contacted
> > them and it might already be fixed by now?
>
> Hi Moritz,
>
> I have been trying to find out more about this security issue but so far
> without having any luck. Apparently the bug was reported 2,5 years ago
> but there are no hints at redhat's bug tracker which could help us or
> would at least point us to the affected code in question. Why
> did they escalate this to seclists.org just now?
>
> http://seclists.org/oss-sec/2015/q1/447

They did some spring cleaning of embargoed issues which fell through the cracks.

> I checked upstream's git repository but I could not find any commits
> related to some kind of security issue with the GIF encoder or the
> playback tool.
>
> https://git.gnome.org/browse/byzanz/
>
> However I know for sure, if upstream released a fix it would be
> included in Debian. The package is up to date and only some minor language
> updates from November 2014 are currently missing.
>
> I couldn't find anything useful at Fedora either.
>
> http://pkgs.fedoraproject.org/cgit/byzanz.git/
>
> I will keep an eye on this Red Hat bug report but at the moment I just
> have not enough information to work on something.

Let's add Murray McAllister (the original reporter) to CC:

Murray, can you provide additional information on the byzanz issue
discovered by you, was it forwarded upstream?

Cheers,
        Moritz

