Hello Mattia, hello zyx, hello all,
> Mattia Rizzolo has written on 8 December 2017 at 17:38:
>
>
> On Thu, Dec 07, 2017 at 09:57:46AM -0500, Peter Linnell wrote:
> > As I maintain Podofo for openSUSE, there are now a fair amount of CVE's
> > against Podofo with fixes in trunk. I'm wondering if we could get a
> > release out in the next few weeks ?
>
> OTOH there are still some CVEs that TTBOMK are still unfixed:
> ... snip ...
> https://security-tracker.debian.org/tracker/CVE-2017-8053
> https://security-tracker.debian.org/tracker/CVE-2017-8054
> ... snip ...
at least for the CVE-2017-8054 a fix was posted on the Debian Bug Tracking
System a few days before Christmas ([1], also linked from above). @zyx:
Although the patch was generated for adding to the Debian package, it
should apply mostly cleanly also to the trunk, could you please give the
OK for it to be included (in the package, the maintainer requested it to be
forwarded here)? For the trunk, I'd like to discuss the error code to be
used because "page not found" seems rather non-specific (for the Debian
package probably the objective is compatibility to the original version's
error codes, so please say OK for that unchanged).
>
>
> But yes, a release with the already fixed ones would be nice I agree :)
>
IMHO it'd be weird to have a full new release with known security bugs
in it, also copyright [2] (for which I recommend libunistring2) and
threading [3] problems ...
I'd love to be able to help with them (that is, I can try, but no
promises yet). Please let me have a go at them before the release.
Best regards, mabri
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860995#20
[2] https://sourceforge.net/p/podofo/mailman/message/35633858/
[3] https://sourceforge.net/p/podofo/mailman/message/35915862/
> --
> regards,
> Mattia Rizzolo
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users