Re: dla-needed/imagemagick entry

2019-05-12 Thread Hugo Lefeuvre
Hi Markus,
> I'm fine with uploading tomorrow. Just send me your debdiff and I will
> incorporate your changes.
You can find the debdiff for CVE-2019-9956, CVE-2019-11598, CVE-2019-11597 and CVE-2019-10650 in attachment, along with appropriate DLA text entries. I briefly thought of adding

Re: dla-needed/imagemagick entry

2019-05-12 Thread Hugo Lefeuvre
> Great! I have found potential issues in upstream's patch for CVE-2019-11598
> and would maybe wait a little bit for his answer (more info in dla-needed).
>
> If he takes too long, we can just as well remove this patch from the update
> and mark it postponed until upstream addresses these

Re: dla-needed/imagemagick entry

2019-05-11 Thread Hugo Lefeuvre
> > I have prepared an update addressing CVE-2019-9956, CVE-2019-10650,
> > CVE-2019-11598 and CVE-2019-11597. I'm currently testing it. Still OK to
> > upload during the week-end?
>
> I'm fine with uploading tomorrow. Just send me your debdiff and I will
> incorporate your changes.
Great! I

Re: dla-needed/imagemagick entry

2019-05-11 Thread Markus Koschany
Hi Hugo,
On 11.05.19 at 09:16, Hugo Lefeuvre wrote:
> Hi Markus,
>
>>> Good idea. I plan to work on CVE-2019-9956, CVE-2019-10650 and possibly
>>> CVE-2019-11598. Do you think an upload ~ next week-end would be feasible
>>> for you?
>>
>> Sure, that should be feasible.
>
> I have prepared an

Re: dla-needed/imagemagick entry

2019-05-11 Thread Hugo Lefeuvre
Hi Markus,
> > Good idea. I plan to work on CVE-2019-9956, CVE-2019-10650 and possibly
> > CVE-2019-11598. Do you think an upload ~ next week-end would be feasible
> > for you?
>
> Sure, that should be feasible.
I have prepared an update addressing CVE-2019-9956, CVE-2019-10650, CVE-2019-11598

Re: dla-needed/imagemagick entry

2019-05-05 Thread Markus Koschany
On 05.05.19 at 15:01, Hugo Lefeuvre wrote:
[...]
> Good idea. I plan to work on CVE-2019-9956, CVE-2019-10650 and possibly
> CVE-2019-11598. Do you think an upload ~ next week-end would be feasible
> for you?
>
> cheers,
> Hugo
Sure, that should be feasible.
Cheers,
Markus

Re: dla-needed/imagemagick entry

2019-05-05 Thread Hugo Lefeuvre
Hi Markus,
> We contacted the security team directly without CCing the lts mailing
> list. However they didn't reply to us.
OK, Roberto forwarded the discussion to me.
> > I think the security team opted for targeted fixes in the imagemagick case,
> > at least for CVE-2019-9956 (claims remote

Re: dla-needed/imagemagick entry

2019-05-05 Thread Hugo Lefeuvre
Hi Roberto,
> > Did you CC debian-lts? I can't find the e-mail you're referring to :)
> >
> I did not. In a few minutes I will bounce you the message from that
> discussion (there are 5 or 6). I won't bounce them to the list, though,
> as I suspect they will get flagged as spam.
Thanks for

Re: dla-needed/imagemagick entry

2019-05-05 Thread Markus Koschany
Hi,
On 05.05.19 at 14:34, Hugo Lefeuvre wrote:
> Hi Markus and Roberto,
>
> I just had a look at imagemagick in jessie and did some quick triage.
>
> I saw the following notes in dla-needed:
>
> NOTE: 20190408: Still waiting on security team response to inquiries
> from (apo) and

Re: dla-needed/imagemagick entry

2019-05-05 Thread Roberto C . Sánchez
Hi Hugo,
On Sun, May 05, 2019 at 02:34:34PM +0200, Hugo Lefeuvre wrote:
> Hi Markus and Roberto,
>
> I just had a look at imagemagick in jessie and did some quick triage.
>
> I saw the following notes in dla-needed:
>
> NOTE: 20190408: Still waiting on security team response to inquiries
>