Re: [Podofo-users] Next PoDoFo Release 0.9.6

Mon, 22 Jan 2018 10:26:23 -0800 

[ explicitly put Dominik in To, as I'm unsure how much he follows the
ML himself… ]

On Sun, Jan 14, 2018 at 08:48:05PM +0100, Dominik Seichter via Podofo-users 
wrote:
> The last version of PoDoFo was released almost a year ago on February 2nd
> 2017. I have seen many patches on the mailing list and also many commits to
> SVN over the last year. So, I think it is time for a new PoDoFo release
> 0.9.6.
> 
> As there might have been patches, which either Zyx or I have missing, I
> would suggest the following release time line.

In December there was a similar email to this going on, asking about a
new release.  It was pointed out that there are still known unfixed CVEs
and other important issues.
See https://sourceforge.net/p/podofo/mailman/message/36151169/

To recap from that thread:

Unfixed security issues:
https://security-tracker.debian.org/tracker/CVE-2017-6845
https://security-tracker.debian.org/tracker/CVE-2017-6846
https://security-tracker.debian.org/tracker/CVE-2017-6849
https://security-tracker.debian.org/tracker/CVE-2017-8053
https://security-tracker.debian.org/tracker/CVE-2017-8054
Plus this one without CVE that was reported in this ML: 
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/
(CVE-2017-8054 had a tentive patch)

A copyright issue:
https://sourceforge.net/p/podofo/mailman/message/35633858/

A threading problem:
https://sourceforge.net/p/podofo/mailman/message/35915862/


Who knows what more…
While you are here, would you reconsider opening a bug tracker
somewhere?  When it was proposed in the past in this ML, nobody was
against it, but everybody deferred to you iirc.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

Attachment: signature.asc
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users

Reply via email to