On Fri, Jul 13, 2018 at 08:17:31AM +0200, Dominik Seichter via Podofo-users wrote: > I tagged the podofo-0.9.6 release already and also provided the tarball on > sourceforge. There was no official announcement though, yet.
Right, and I already stumbled on the first issue (that wasn't in the rc1): https://sourceforge.net/p/podofo/mailman/message/36363656/ :) > I still think we should release 0.9.6, as the status of 0.9.6 is not worse > than 0.9.5 (PLEASE CORRECT ME IF I AM WRONG HERE!). > Nontheless, we should concentrate on fixing CVEs in a follow-up release. If > fixes are ready, I can provide another relase 0.9.7 in short time. I agree. I mean, it's a pity that there are known security vulnerability, but at this point several months (year+ really) passed and continue cherry-picking is not so great after a while. Not to mention, I fear the CVEs are going to keep coming... > On Thu, Jul 12, 2018 at 3:16 PM, Matthew Brincke <ma...@mailbox.org> wrote: > > firstly I apologize (especially in case the delay in reaction > > on my part is the reason PoDoFo 0.9.6 was released with CVEs > > unfixed, for some of them see below in the original message) > > for having been busy with another project and not squeezing > > this in-between, I don't think you should apologize for any of this. > > I also was unsure about you (Mattia) possibly being on vacation. Alas, I'm not able to go on vacation long enough for anybody to noticeā¦ :( > > (in the Debian changelog they had been > > mistakenly declared as fixed, and I didn't dare to send a 2nd > > e-mail or a bug report: I now fear this was wrong of me, so I > > apologize). Apart from the situation in wheezy (which can't be changed anymore), I believe everything is fine now - at least in debian's git (pending the fix for the thing above). Please correct me if I'm wrong. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users