Hello,
On Sat 13 Apr 2024 at 12:49am +02, Ola Lundqvist wrote:
> Hi fellow LTS contributors
>
> Today I started on bind9 and realized one thing. In bullseye the
> security update is to release a new upstream version (released as
> 1:9.16.48-1) instead of patching the old version
>
Hi Ola,
On Sat, Apr 13, 2024 at 12:49:49AM +0200, Ola Lundqvist wrote:
> Hi fellow LTS contributors
>
> Today I started on bind9 and realized one thing. In bullseye the
> security update is to release a new upstream version (released as
> 1:9.16.48-1) instead of patching the old version
>
Hi fellow LTS contributors
Today I started on bind9 and realized one thing. In bullseye the
security update is to release a new upstream version (released as
1:9.16.48-1) instead of patching the old version
(1:9.16.44-1~deb11u1). For some reason the version used is -1 instead
of ~deb11u1.
Since
Hi Cyrille
On Fri, 12 Apr 2024 at 16:32, Cyrille Bollu wrote:
>
> Hi Ola,
>
> Thank you for your help.
>
> So, IIUC:
>
> 1. CVE-2019-12214 shouldn't be assigned to freeimage in Debian Buster;
> 2. CVE-2019-12214 might be assigned to source package openjpeg2 or
> openjpeg (the later doesn't seem
Hi Santiago
Yes that is better. This was just a reply to Cyrille telling that the
package in buster does not have that directory.
// Ola
On Fri, 12 Apr 2024 at 16:24, santiago wrote:
>
> Hi,
>
> El 12/04/24 a las 12:00, Ola Lundqvist escribió:
> > Hi Cyrille
> >
> > See below.
> >
> > On Fri,
Hi Ola,
Thank you for your help.
So, IIUC:
1. CVE-2019-12214 shouldn't be assigned to freeimage in Debian Buster;
2. CVE-2019-12214 might be assigned to source package openjpeg2 or
openjpeg (the later doesn't seem to be available in Buster though)
Cyrille
Le vendredi 12 avril 2024 à 12:00
Hi,
El 12/04/24 a las 12:00, Ola Lundqvist escribió:
> Hi Cyrille
>
> See below.
>
> On Fri, 12 Apr 2024 at 10:44, Cyrille Bollu wrote:
> >
> >
> > >Thank you! Do you mean that freeimage copy in those files during the
> > >build process?
> >
> > If you download the tarball at
> >
Hi Cyrille
See below.
On Fri, 12 Apr 2024 at 10:44, Cyrille Bollu wrote:
>
>
> >Thank you! Do you mean that freeimage copy in those files during the
> >build process?
>
> If you download the tarball at
> https://freeimage.sourceforge.io/download.html you'll find that the,
> once unzipped, it
>Thank you! Do you mean that freeimage copy in those files during the
>build process?
If you download the tarball at
https://freeimage.sourceforge.io/download.html you'll find that the,
once unzipped, it contains a 'Source/LibOpenJPEG' folder that contains
about the same files as
Hi
I was not aware of the ELTS customer need here.
Then we go for alternative 3. Good. Thank you.
I guess ELTS will do the development part of this.
I'll add this information to dla-needed.
// Ola
On Fri, 12 Apr 2024 at 10:25, Raphael Hertzog wrote:
>
> Hello Ola,
>
> On Fri, 12 Apr 2024,
Hello Ola,
On Fri, 12 Apr 2024, Ola Lundqvist wrote:
> I see three:
> 1) copy secteam decision and move on to the next package (I guess
> remove from dla-needed)
> 2) copy secteam decision for most of them, but fix the ones with fedora
> patches
> 3) dive in and start developing (that will take
Hi Cyrille
Thank you! Do you mean that freeimage copy in those files during the
build process?
If you could update the notes for this CVE it would be nice. I started
but realized that I had more questions and then it is better if you do
it who knows the answer.
No hurry since this is for a
FTR,
I did a small analysis, and that's for sure that CVE-2019-12214 relates
to code from openjpeg: Looking at the content of folder "LibOpenJpeg"
in freeimage 'source code show exactly the same files as in
https://github.com/uclouvain/openjpeg/tree/master/src/lib/openjp2
However, since
Hi Roberto
See below.
On Fri, 12 Apr 2024 at 00:51, Roberto C. Sánchez wrote:
>
> Hi Ola,
>
> On Thu, Apr 11, 2024 at 11:11:15PM +0200, Ola Lundqvist wrote:
> >
> > What I typically do is to read the description, and the referenced
> > material to see if the reporter seems to make sense. If
Hi Roberto
> I tried re-reading your previous email several times and I am still not
> able to figure out what you are trying to demonstrate by your counting.
> If the conclusion is as you have it above, "We clearly do not fix all
> no-dsa in any case," then I agree.
Yes, that was what I wanted
15 matches
Mail list logo