On Wed, Jul 29, 2020 at 6:04 AM Bastien ROUCARIES <[email protected]> wrote: > > On Tue, Jul 28, 2020 at 12:00 AM Tong Sun > <[email protected]> wrote: > > > > Ok, let me try. > > > > Let me start with 4. Backport security patch for stable and old stable > > first, as it looks an easier starter for me. > > > > We can take the further details offline, if you want. > > Ok you could take this one. see the security tracker of imagemagick > and see if patch could be applied and synchronize with security team.
Ok, I've never done this before, so a little bit of help is needed now Basten, :) So, by "see the security tracker" I'm guessing you meant to check https://security-tracker.debian.org/tracker/source-package/imagemagick right? I saw bullseye has a lot of issues listed as vulnerable, while both stretch and buster are listed as fixed. Since buster & bullseye both has the same version, 8:6.9.10.23+dfsg-2.1, I'm wondering what are the steps I should take to fix say CVE-2020-13902, and CVE-2020-10251 (of which buster is listed as "vulnerable (no DSA, ignored)"). Thanks > > > > thx > > > > On Mon, Jul 27, 2020 at 9:08 AM Bastien ROUCARIES > > <[email protected]> wrote: > > > > > > On Mon, Jul 27, 2020 at 2:29 PM Tong Sun > > > <[email protected]> wrote: > > > > > > > > Hi Bastien, > > > > > > > > What kind of help are you looking for? > > > > > > Thanks for help. I need help from easier to harder: > > > 1. triaging bug > > > 2 CVE and security tracking, see if CVE of imagemagick apply and > > > contact security team > > > 3. See if upstream commit contains security sensitive problems and > > > contact security team > > > 4. Backport security patch for stable and old stable > > > 5. Helping me with imagemagick 6 to get latest stable update > > > 6. Helping me with getting imagemagick 7 in unstable. > > > > > > Even one item here will help, and I will help you to improve your > > > programming skills and maybe a day become a dd > > > > > > Bastien > > > > > > > > cheers > > > > > > > > On Mon, Jul 27, 2020 at 6:03 AM Bastien ROUCARIES - > > > > [email protected] > > > > <pkgoyq.xpt.34fc102261.roucaries.bastien#[email protected]> wrote: > > > > > > > > > > Hi, > > > > > > > > > > I am the dd in charge of imagemagick and i need help. > > > > > > > > > > If somebody is interested I can mentor it. > > > > > > > > > > Thanks > > > > > > > > > > Bastien > > > > > > > > > >
