Hi Anton,
On Wed, Jan 01, 2020 at 11:07:16AM +0100, Anton Gladky wrote:
> Uploaded!
Thank you! (Updated the tracker information).
> Happy new year!
Same to you!
Regards,
Salvatore
Uploaded!
Happy new year!
Anton
Am Fr., 27. Dez. 2019 um 21:23 Uhr schrieb Hugo Lefeuvre :
>
> > thanks for your valuable work on this bug!
> > Yes, I can prepare update on 30-31st of December.
>
> that would be great, thanks! :-)
>
> cheers,
> Hugo
>
> --
> Hugo Lefeuvre (hle)
> thanks for your valuable work on this bug!
> Yes, I can prepare update on 30-31st of December.
that would be great, thanks! :-)
cheers,
Hugo
--
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2
Hi Hugo,
thanks for your valuable work on this bug!
Yes, I can prepare update on 30-31st of December.
Regards
Anton
On Fri, Dec 27, 2019, 18:01 Hugo Lefeuvre wrote:
> > Sounds like a sensible plan, if we are going to release updates as
> > well for stretch and buster, so that there is not
> Sounds like a sensible plan, if we are going to release updates as
> well for stretch and buster, so that there is not "regression" (I mean
> timewise, in case upstream will not land a new version) for buster ->
> bullseye updates.
Agree! Anton, do you think you could handle this update in
HI Hugo,
On Fri, Dec 27, 2019 at 04:37:45PM +0100, Hugo Lefeuvre wrote:
> > As there will not be a fix for all CVEs in one go, let's split the bug
> > for the benefit of tracking the fixes. CVE-2019-12211 and
> > CVE-2019-12213 have the same upstream change, so will clone this into
> > three.
>
Hi,
> As there will not be a fix for all CVEs in one go, let's split the bug
> for the benefit of tracking the fixes. CVE-2019-12211 and
> CVE-2019-12213 have the same upstream change, so will clone this into
> three.
thanks Salvatore!
regarding CVE-2019-12213 and CVE-2019-12211 in unstable: I
Control: clone 929597 -1 -2
Control: retitle 929597 freeimage: CVE-2019-12211 CVE-2019-12213
Control: retitle -1 freeimage: CVE-2019-12212
Control: retitle -2 freeimage: CVE-2019-12214
Hi,
As there will not be a fix for all CVEs in one go, let's split the bug
for the benefit of tracking the
Hi,
small update:
I have updated jessie with the cherry picked patch for CVE-2019-12213 and
CVE-2019-12211.
I have contacted upstream to know when he is planning to release 3.18.1 so
that we can get this fixed in testing without cherry picking.
I am currently testing stretch and buster updates
On Tue, Jun 04, 2019 at 08:20:33PM +0200, Anton Gladky wrote:
> severity 929597 important
> thanks
>
> The fix from upstream is still not available. I am not feeling
> confident enough to provide a fix for this complex peace
> of code without breaking it.
>
> Also reducing the severity. If the
severity 929597 important
thanks
The fix from upstream is still not available. I am not feeling
confident enough to provide a fix for this complex peace
of code without breaking it.
Also reducing the severity. If the security team decides to
keep it "grave" - feel free to revert it.
Regards
There is no upstream fix still available.
I am planning to decrease the severity of
the ticket to normal and track it as a simple
security issue.
Anton
Am Mo., 27. Mai 2019 um 23:01 Uhr schrieb Anton Gladky :
>
> CVE-2019-12214 does not affect buster and stretch.
> Jessie should be double
CVE-2019-12214 does not affect buster and stretch.
Jessie should be double checked because an older
version is used there.
Anton
Am So., 26. Mai 2019 um 22:01 Uhr schrieb Anton Gladky :
>
> Hi Moritz,
>
> thanks for the reporting. As far as I see, there is still
> no available fix from upstream.
Hi Moritz,
thanks for the reporting. As far as I see, there is still
no available fix from upstream.
Cheers
Anton
Am So., 26. Mai 2019 um 21:27 Uhr schrieb Moritz Muehlenhoff :
>
> Source: freeimage
> Severity: grave
> Tags: security
>
> Please see
>
Source: freeimage
Severity: grave
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12213
15 matches
Mail list logo