Hi Thorsten, Sorry, I am completely snowed under with private life. So, please go ahead with libofx. Some links that could save your time: [1] is the upstream patch already apply in sid and buster. [2] is an example of ofx file that crash libofx.
Best regards, Dylan [1] https://anonscm.debian.org/git/pkg-gnucash/libofx.git/tree/debian/patches/CVE-2017-2816.patch [2] https://bugzilla.novell.com/show_bug.cgi?id=CVE-2017-2816 2017-09-24 19:45 GMT+02:00 Thorsten Alteholz <[email protected]>: > Hi Dylan, > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libofx: > https://security-tracker.debian.org/tracker/source-package/libofx > > Would you like to take care of this yourself? > > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to [email protected] > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > You can also opt-out from receiving future similar emails in your > answer and then the LTS Team will take care of libofx updates > for the LTS releases. > > Thank you very much. > > Thorsten, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update at > any point in time. You can verify whether someone is registered > on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > >
