On Mon, Feb 9, 2015 at 1:00 AM, Thomas Caswell <tcasw...@gmail.com> wrote: > Sorry about the bad tarball, I forgot to clean my git directory before > generating it. Another point in favor of using the gh tarball, I can't > screw it up.
I switch to GH tarball, but I must say they are a lot different than the SF ones (now we have 3 copies of the examples in doc/mpl_examples lib/mpl_examples and examples) and contains quite a lot more files (like the whole unit/ tree) and development files (.travis, .gitignore and friends), but if that's a more reliable way to get new tarball, I'm all for it - let's use this in the future :) > This is the first I have seen that CVE. > > That PR is not included in 1.4.3 because it completely over-hauls how the > Agg rendering works (and generated a whole bunch of other bugs along the > way). > > Mike: Is there a way to fix up the security issues reported on just the > 1.4.x branch with out pulling that whole patch back? there is a patch[1] attached to the Debian bug[2], I'm about to apply to the package and see how it goes, you might want to investigate+apply it in the final release [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=matplotlib-printf-buffer-overrun.patch;att=1;bug=775691 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775691 Cheers, -- Sandro Tosi (aka morph, morpheus, matrixhasu) My website: http://matrixhasu.altervista.org/ Me at Debian: http://wiki.debian.org/SandroTosi ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Matplotlib-devel mailing list Matplotlib-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/matplotlib-devel
